./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3778131055 <...> Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. execve("./syz-executor3778131055", ["./syz-executor3778131055"], 0x7ffe0138f6d0 /* 10 vars */) = 0 brk(NULL) = 0x555556b3a000 brk(0x555556b3ad40) = 0x555556b3ad40 arch_prctl(ARCH_SET_FS, 0x555556b3a400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556b3a6d0) = 5078 set_robust_list(0x555556b3a6e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f265ea3ac40, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f265ea3a190}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f265ea3ace0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f265ea3a190}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3778131055", 4096) = 28 brk(0x555556b5bd40) = 0x555556b5bd40 brk(0x555556b5c000) = 0x555556b5c000 mprotect(0x7f265eafd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f265ea34030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f265ea3a190}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f265ea34030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f265ea3a190}, NULL, 8) = 0 getpid() = 5078 mkdir("./syzkaller.aZ4Mhb", 0700) = 0 chmod("./syzkaller.aZ4Mhb", 0777) = 0 chdir("./syzkaller.aZ4Mhb") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5079] chdir("./0") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5079] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5081 attached , parent_tid=[5081], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5081 [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] set_robust_list(0x7f265ea299e0, 24 [pid 5079] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5081] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5081] munmap(0x7f2656609000, 131072) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file2", 0777) = 0 [ 66.535273][ T5081] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5081 'syz-executor377' [ 66.552810][ T5081] loop0: detected capacity change from 0 to 256 [ 66.564764][ T5081] exfat: Deprecated parameter 'utf8' [pid 5081] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5081] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file2") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5079] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 4 [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5079] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 5 [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5081] write(4, "\x00\x00", 2) = 2 [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5079] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5082 attached , parent_tid=[5082], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5082 [pid 5079] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] set_robust_list(0x7f26566289e0, 24 [pid 5081] <... futex resumed>) = 1 [pid 5081] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5081] <... mmap resumed>) = 0x20000000 [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5082] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5081] getdents64(-1, [pid 5079] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5081] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5081] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 66.578890][ T5081] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5083] chdir("./1") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5083] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5084], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5084 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5084] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5084] munmap(0x7f2656609000, 131072) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file2", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5084] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file2") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] write(4, "\x00\x00", 2) = 2 [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5083] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5085 [pid 5083] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5085 attached ) = 0 [pid 5083] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] set_robust_list(0x7f26566289e0, 24 [pid 5084] <... futex resumed>) = 1 [pid 5084] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... mmap resumed>) = 0x20000000 [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5085] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5085] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 [pid 5084] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] exit_group(0) = ? [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 66.704470][ T5084] loop0: detected capacity change from 0 to 256 [ 66.716399][ T5084] exfat: Deprecated parameter 'utf8' [ 66.727436][ T5084] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5086] chdir("./2") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5086] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5087], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5087 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5087] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5087] munmap(0x7f2656609000, 131072) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file2", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5087] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file2") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 4 [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 5 [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] write(4, "\x00\x00", 2 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... write resumed>) = 2 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5086] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5087] <... mmap resumed>) = 0x20000000 [pid 5086] <... mprotect resumed>) = 0 [pid 5086] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5088 [pid 5086] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5088 attached ) = 0 [pid 5088] set_robust_list(0x7f26566289e0, 24 [pid 5086] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... set_robust_list resumed>) = 0 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5088] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [ 66.815714][ T5087] loop0: detected capacity change from 0 to 256 [ 66.826530][ T5087] exfat: Deprecated parameter 'utf8' [ 66.837946][ T5087] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5088] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5086] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] getdents64(-1, [pid 5086] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5087] <... futex resumed>) = ? [pid 5086] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5089] chdir("./3") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5089] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached , parent_tid=[5090], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5090 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5090] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5090] munmap(0x7f2656609000, 131072) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file2", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file2") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] write(4, "\x00\x00", 2) = 2 [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5089] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5090] <... futex resumed>) = 0 [pid 5089] <... mprotect resumed>) = 0 [pid 5089] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached [pid 5090] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5089] <... clone resumed>, parent_tid=[5091], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5091 [pid 5091] set_robust_list(0x7f26566289e0, 24 [pid 5090] <... mmap resumed>) = 0x20000000 [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5091] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5091] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 [pid 5090] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] exit_group(0) = ? [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 66.951556][ T5090] loop0: detected capacity change from 0 to 256 [ 66.960547][ T5090] exfat: Deprecated parameter 'utf8' [ 66.972386][ T5090] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5092] chdir("./4") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5092] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5093 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5093] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5093] munmap(0x7f2656609000, 131072) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file2", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5093] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file2") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] write(4, "\x00\x00", 2) = 2 [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5092] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5094 [pid 5092] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5094] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5094] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5093] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] exit_group(0) = ? [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 67.067499][ T5093] loop0: detected capacity change from 0 to 256 [ 67.076974][ T5093] exfat: Deprecated parameter 'utf8' [ 67.089142][ T5093] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5095] chdir("./5") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5095] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5096 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5096] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5096] munmap(0x7f2656609000, 131072) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file2", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file2") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 5 [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] write(4, "\x00\x00", 2 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... write resumed>) = 2 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... mmap resumed>) = 0x20000000 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5095] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5097 [pid 5095] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5097] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5097] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] getdents64(-1, [pid 5095] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 67.178358][ T5096] loop0: detected capacity change from 0 to 256 [ 67.188296][ T5096] exfat: Deprecated parameter 'utf8' [ 67.198954][ T5096] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5098] chdir("./6") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5098] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5099 attached , parent_tid=[5099], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5099 [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5099] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5099] munmap(0x7f2656609000, 131072) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file2", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file2") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] write(4, "\x00\x00", 2 [pid 5098] <... futex resumed>) = 0 [pid 5099] <... write resumed>) = 2 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5098] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5099] <... mmap resumed>) = 0x20000000 [pid 5098] <... mmap resumed>) = 0x7f2656608000 [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5099] <... futex resumed>) = 0 [pid 5098] <... mprotect resumed>) = 0 [pid 5099] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f26566289e0, 24 [pid 5098] <... clone resumed>, parent_tid=[5100], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5100 [pid 5100] <... set_robust_list resumed>) = 0 [pid 5098] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5098] <... futex resumed>) = 0 [pid 5100] openat(AT_FDCWD, "", O_RDONLY [pid 5098] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5100] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5099] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] exit_group(0 [pid 5100] <... futex resumed>) = ? [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 67.292961][ T5099] loop0: detected capacity change from 0 to 256 [ 67.302944][ T5099] exfat: Deprecated parameter 'utf8' [ 67.314165][ T5099] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5101] chdir("./7") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5101] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5102], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5102 [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5102] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5102] munmap(0x7f2656609000, 131072) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file2", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file2") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] write(4, "\x00\x00", 2) = 2 [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5101] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5102] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5101] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5102] <... mmap resumed>) = 0x20000000 [pid 5101] <... clone resumed>, parent_tid=[5103], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5103 [pid 5101] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f26566289e0, 24 [pid 5102] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... set_robust_list resumed>) = 0 [pid 5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5103] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5103] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5103] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5101] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0) = ? [pid 5102] <... futex resumed>) = ? [pid 5103] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 67.407773][ T5102] loop0: detected capacity change from 0 to 256 [ 67.417980][ T5102] exfat: Deprecated parameter 'utf8' [ 67.430165][ T5102] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5104 ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5104] chdir("./8") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5104] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5105 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5105] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5105] munmap(0x7f2656609000, 131072) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file2", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file2") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] write(4, "\x00\x00", 2) = 2 [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5104] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5105] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5104] <... clone resumed>, parent_tid=[5106], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5106 [pid 5104] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5105] <... mmap resumed>) = 0x20000000 [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5106] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5106] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5104] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] getdents64(-1, [pid 5106] <... futex resumed>) = 1 [pid 5105] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] exit_group(0) = ? [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 67.525851][ T5105] loop0: detected capacity change from 0 to 256 [ 67.534758][ T5105] exfat: Deprecated parameter 'utf8' [ 67.546391][ T5105] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5107] chdir("./9") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5107] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5108], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5108 [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5108] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5108] munmap(0x7f2656609000, 131072) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file2", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file2") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5107] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... openat resumed>) = 4 [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5107] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... openat resumed>) = 5 [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5107] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] write(4, "\x00\x00", 2) = 2 [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5107] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... mmap resumed>) = 0x20000000 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5108] <... futex resumed>) = 0 [pid 5107] <... mmap resumed>) = 0x7f2656608000 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5109 attached , parent_tid=[5109], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5109 [pid 5107] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5109] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5109] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5109] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5108] getdents64(-1, [pid 5107] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5107] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 67.643279][ T5108] loop0: detected capacity change from 0 to 256 [ 67.653580][ T5108] exfat: Deprecated parameter 'utf8' [ 67.663245][ T5108] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5110] chdir("./10") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5110] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5111], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5111 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5111] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5111] munmap(0x7f2656609000, 131072) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file2", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file2") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] write(4, "\x00\x00", 2) = 2 [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5110] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x7f26566289e0, 24 [pid 5110] <... clone resumed>, parent_tid=[5112], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5112 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5111] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5110] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... mmap resumed>) = 0x20000000 [pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] getdents64(-1, [pid 5110] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5111] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 67.764509][ T5111] loop0: detected capacity change from 0 to 256 [ 67.775439][ T5111] exfat: Deprecated parameter 'utf8' [ 67.786234][ T5111] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5113] chdir("./11") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5113] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5114 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5114] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5114] munmap(0x7f2656609000, 131072) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file2", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5114] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file2") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] write(4, "\x00\x00", 2 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... write resumed>) = 2 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... mmap resumed>) = 0x20000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5113] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5115 attached , parent_tid=[5115], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5115 [pid 5113] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [ 67.886482][ T5114] loop0: detected capacity change from 0 to 256 [ 67.906913][ T5114] exfat: Deprecated parameter 'utf8' [ 67.918381][ T5114] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5115] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5115] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] getdents64(-1, [pid 5113] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0 [pid 5115] ???( [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5115] <... ??? resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5116] chdir("./12") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5116] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5117], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5117 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5117] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5117] munmap(0x7f2656609000, 131072) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file2", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5117] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file2") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] write(4, "\x00\x00", 2) = 2 [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5116] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [ 68.007899][ T5117] loop0: detected capacity change from 0 to 256 [ 68.016934][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 68.021769][ T5117] exfat: Deprecated parameter 'utf8' [ 68.042928][ T5117] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5116] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5118 [pid 5116] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5118] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5118] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5117] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] exit_group(0) = ? [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5118] <... futex resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5119] chdir("./13") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs" [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5119 [pid 5119] <... symlink resumed>) = 0 [pid 5119] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5119] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5120], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5120 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5120] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5120] munmap(0x7f2656609000, 131072) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 4 [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] <... openat resumed>) = 5 [pid 5119] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] write(4, "\x00\x00", 2 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... write resumed>) = 2 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5119] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5121 [pid 5119] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5121] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5121] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] getdents64(-1, [pid 5119] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0 [pid 5120] <... futex resumed>) = ? [pid 5119] <... exit_group resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 68.137650][ T5120] loop0: detected capacity change from 0 to 256 [ 68.147801][ T5120] exfat: Deprecated parameter 'utf8' [ 68.161096][ T5120] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5122] chdir("./14") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5122] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5123], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5123] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5123] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5123] munmap(0x7f2656609000, 131072) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file2", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5123] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file2") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] write(4, "\x00\x00", 2) = 2 [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] <... mmap resumed>) = 0x7f2656608000 [pid 5123] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5122] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5124 attached , parent_tid=[5124], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5124 [pid 5124] set_robust_list(0x7f26566289e0, 24 [pid 5122] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5123] <... mmap resumed>) = 0x20000000 [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... openat resumed>) = 6 [pid 5124] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 0 [pid 5123] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] exit_group(0 [pid 5124] <... futex resumed>) = 1 [pid 5122] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 68.253989][ T5123] loop0: detected capacity change from 0 to 256 [ 68.262826][ T5123] exfat: Deprecated parameter 'utf8' [ 68.273530][ T5123] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5125] chdir("./15") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5125] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5126 attached , parent_tid=[5126], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5126 [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5126] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5126] munmap(0x7f2656609000, 131072) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 4 [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 5 [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] write(4, "\x00\x00", 2 [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... write resumed>) = 2 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... mmap resumed>) = 0x20000000 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5125] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5127 attached , parent_tid=[5127], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5127 [pid 5127] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5127] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5125] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5127] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5127] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] getdents64(-1, [pid 5125] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5127] <... futex resumed>) = ? [pid 5126] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 68.384139][ T5126] loop0: detected capacity change from 0 to 256 [ 68.394689][ T5126] exfat: Deprecated parameter 'utf8' [ 68.404714][ T5126] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5128 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5128] chdir("./16") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5128] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5129] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... clone resumed>, parent_tid=[5129], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5129 [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5129] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5129] munmap(0x7f2656609000, 131072) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file2", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file2") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5128] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 4 [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] write(4, "\x00\x00", 2) = 2 [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5128] <... mmap resumed>) = 0x7f2656608000 [pid 5128] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... mprotect resumed>) = 0 [pid 5128] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5130], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5130] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5130] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5129] getdents64(-1, [pid 5128] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 68.511917][ T5129] loop0: detected capacity change from 0 to 256 [ 68.522314][ T5129] exfat: Deprecated parameter 'utf8' [ 68.532146][ T5129] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5131] chdir("./17") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5131] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5132 attached , parent_tid=[5132], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5132 [pid 5132] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5131] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5132] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5132] munmap(0x7f2656609000, 131072) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file2", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file2") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5132] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5131] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... openat resumed>) = 4 [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5131] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... openat resumed>) = 5 [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5132] write(4, "\x00\x00", 2 [pid 5131] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... write resumed>) = 2 [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5132] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5131] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... mmap resumed>) = 0x7f2656608000 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5133 ./strace-static-x86_64: Process 5133 attached [pid 5131] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5133] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5133] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] getdents64(-1, [pid 5131] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 68.637373][ T5132] loop0: detected capacity change from 0 to 256 [ 68.647575][ T5132] exfat: Deprecated parameter 'utf8' [ 68.658626][ T5132] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5134] chdir("./18") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5134] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5135], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5135 [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5135] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5135] munmap(0x7f2656609000, 131072) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file2", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file2") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 1 [pid 5135] write(4, "\x00\x00", 2) = 2 [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5134] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... mmap resumed>) = 0x7f2656608000 [pid 5134] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5136] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... clone resumed>, parent_tid=[5136], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5136 [pid 5134] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5134] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5136] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5136] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5134] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 68.741975][ T5135] loop0: detected capacity change from 0 to 256 [ 68.750977][ T5135] exfat: Deprecated parameter 'utf8' [ 68.762940][ T5135] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5137] chdir("./19") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5137] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x7f265ea299e0, 24 [pid 5137] <... clone resumed>, parent_tid=[5138], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5138 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5138] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5138] munmap(0x7f2656609000, 131072) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file2", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file2") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5137] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... openat resumed>) = 4 [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5137] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... openat resumed>) = 5 [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] write(4, "\x00\x00", 2 [pid 5137] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... write resumed>) = 2 [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] <... futex resumed>) = 0 [pid 5138] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5137] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... mmap resumed>) = 0x20000000 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... mmap resumed>) = 0x7f2656608000 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5139], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5139 [pid 5137] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5139] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5139] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5138] getdents64(-1, [pid 5137] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0 [pid 5138] <... futex resumed>) = ? [pid 5137] <... exit_group resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5139] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 68.873237][ T5138] loop0: detected capacity change from 0 to 256 [ 68.883328][ T5138] exfat: Deprecated parameter 'utf8' [ 68.892873][ T5138] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5140] chdir("./20") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5140] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5141 attached , parent_tid=[5141], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5141 [pid 5141] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5141] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5140] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5141] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5141] munmap(0x7f2656609000, 131072) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] write(4, "\x00\x00", 2) = 2 [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5140] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5141] <... mmap resumed>) = 0x20000000 [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] <... mmap resumed>) = 0x7f2656608000 [pid 5141] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7f26566289e0, 24 [pid 5140] <... clone resumed>, parent_tid=[5142], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5142 [pid 5142] <... set_robust_list resumed>) = 0 [ 69.000833][ T5141] loop0: detected capacity change from 0 to 256 [ 69.021127][ T5141] exfat: Deprecated parameter 'utf8' [ 69.030542][ T5141] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5140] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5142] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5142] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5142] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] getdents64(-1, [pid 5140] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] exit_group(0 [pid 5141] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5142] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5143] chdir("./21") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5143] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5144] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... clone resumed>, parent_tid=[5144], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5144 [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] memfd_create("syzkaller", 0 [pid 5143] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] <... memfd_create resumed>) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5144] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5144] munmap(0x7f2656609000, 131072) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file2", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file2") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5143] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 4 [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5143] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 5 [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] write(4, "\x00\x00", 2) = 2 [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... mmap resumed>) = 0x7f2656608000 [pid 5143] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5145 [pid 5143] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5145] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5145] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5145] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] getdents64(-1, [pid 5143] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] exit_group(0 [pid 5144] <... futex resumed>) = ? [pid 5143] <... exit_group resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.159726][ T5144] loop0: detected capacity change from 0 to 256 [ 69.170421][ T5144] exfat: Deprecated parameter 'utf8' [ 69.180354][ T5144] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x555556b3a6d0) = 5146 [pid 5146] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5146] chdir("./22") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5146] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5147 attached , parent_tid=[5147], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5147 [pid 5147] set_robust_list(0x7f265ea299e0, 24 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5147] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5147] munmap(0x7f2656609000, 131072) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file2", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file2") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] write(4, "\x00\x00", 2) = 2 [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5146] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5148 attached , parent_tid=[5148], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5148 [pid 5148] set_robust_list(0x7f26566289e0, 24 [pid 5147] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5146] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... set_robust_list resumed>) = 0 [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5148] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 69.269979][ T5147] loop0: detected capacity change from 0 to 256 [ 69.279016][ T5147] exfat: Deprecated parameter 'utf8' [ 69.289715][ T5147] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5149] chdir("./23") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5149] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5150 attached , parent_tid=[5150], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5150 [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5150] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5150] munmap(0x7f2656609000, 131072) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file2", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file2") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5149] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... openat resumed>) = 5 [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] write(4, "\x00\x00", 2 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... write resumed>) = 2 [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5149] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] <... mprotect resumed>) = 0 [pid 5150] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5151], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5151 [pid 5149] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5151 attached ) = 0 [pid 5151] set_robust_list(0x7f26566289e0, 24 [pid 5149] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... set_robust_list resumed>) = 0 [pid 5151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5151] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5151] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5151] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5150] getdents64(-1, [pid 5149] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5149] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5151] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 [ 69.409063][ T5150] loop0: detected capacity change from 0 to 256 [ 69.418369][ T5150] exfat: Deprecated parameter 'utf8' [ 69.429010][ T5150] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5152] chdir("./24") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5152] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5153] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5153] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5153] munmap(0x7f2656609000, 131072) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file2", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file2") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] write(4, "\x00\x00", 2) = 2 [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5152] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5152] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] set_robust_list(0x7f26566289e0, 24 [pid 5153] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5154] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5153] <... mmap resumed>) = 0x20000000 [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [pid 5153] getdents64(6, [pid 5154] <... futex resumed>) = 1 [pid 5153] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5154] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] exit_group(0) = ? [pid 5154] <... futex resumed>) = ? [pid 5153] <... futex resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.519902][ T5153] loop0: detected capacity change from 0 to 256 [ 69.529164][ T5153] exfat: Deprecated parameter 'utf8' [ 69.540844][ T5153] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5155] chdir("./25") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5155] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5156], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5156 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5156] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5156] munmap(0x7f2656609000, 131072) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file2", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5156] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file2") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... openat resumed>) = 4 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... openat resumed>) = 5 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] write(4, "\x00\x00", 2 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... write resumed>) = 2 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5156] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] getdents64(-1, [pid 5155] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 69.652740][ T5156] loop0: detected capacity change from 0 to 256 [ 69.661986][ T5156] exfat: Deprecated parameter 'utf8' [ 69.671521][ T5156] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5157 ./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5157] chdir("./26") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5157] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5158 attached , parent_tid=[5158], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5158 [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5158] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5158] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5158] munmap(0x7f2656609000, 131072) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./file2", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5158] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file2") = 0 [pid 5158] ioctl(4, LOOP_CLR_FD) = 0 [pid 5158] close(4) = 0 [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5158] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5157] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... openat resumed>) = 4 [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... openat resumed>) = 5 [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5158] write(4, "\x00\x00", 2 [pid 5157] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... write resumed>) = 2 [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5157] <... futex resumed>) = 0 [pid 5158] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5157] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... mmap resumed>) = 0x20000000 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5158] <... futex resumed>) = 0 [pid 5157] <... mmap resumed>) = 0x7f2656608000 [pid 5158] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5157] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5159 [pid 5157] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5159] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5159] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5159] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5157] <... futex resumed>) = 1 [pid 5158] getdents64(-1, [pid 5157] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5158] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5158] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5158] <... futex resumed>) = ? [pid 5157] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 69.757816][ T5158] loop0: detected capacity change from 0 to 256 [ 69.767406][ T5158] exfat: Deprecated parameter 'utf8' [ 69.778512][ T5158] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./26/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5160 ./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5160] chdir("./27") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5160] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5161 attached , parent_tid=[5161], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5161 [pid 5161] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5161] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5160] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5161] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5161] munmap(0x7f2656609000, 131072) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file2", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5161] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file2") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... openat resumed>) = 4 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... openat resumed>) = 5 [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5161] write(4, "\x00\x00", 2 [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... write resumed>) = 2 [pid 5160] <... futex resumed>) = 0 [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... mmap resumed>) = 0x20000000 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5161] <... futex resumed>) = 0 [pid 5160] <... mmap resumed>) = 0x7f2656608000 [pid 5161] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5162 attached , parent_tid=[5162], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5162 [pid 5160] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5162] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5162] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5162] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5161] getdents64(-1, [pid 5160] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5161] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5161] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5160] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 69.866359][ T5161] loop0: detected capacity change from 0 to 256 [ 69.875127][ T5161] exfat: Deprecated parameter 'utf8' [ 69.886051][ T5161] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x555556b3a6d0) = 5163 [pid 5163] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5163] chdir("./28") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5163] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5164 attached , parent_tid=[5164], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5164 [pid 5164] set_robust_list(0x7f265ea299e0, 24 [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... set_robust_list resumed>) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5164] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5164] munmap(0x7f2656609000, 131072) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file2", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5164] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file2") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 4 [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 5 [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] write(4, "\x00\x00", 2) = 2 [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 70.000212][ T5164] loop0: detected capacity change from 0 to 256 [ 70.021110][ T5164] exfat: Deprecated parameter 'utf8' [ 70.032345][ T5164] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5164] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5163] <... mmap resumed>) = 0x7f2656608000 [pid 5163] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... mprotect resumed>) = 0 [pid 5163] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5165 attached , parent_tid=[5165], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5165 [pid 5165] set_robust_list(0x7f26566289e0, 24 [pid 5163] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5165] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5165] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] getdents64(-1, [pid 5163] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5164] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] exit_group(0 [pid 5164] <... futex resumed>) = ? [pid 5163] <... exit_group resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5165] <... futex resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5166] chdir("./29") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5166] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] memfd_create("syzkaller", 0 [pid 5166] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5167] <... memfd_create resumed>) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5167] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5167] munmap(0x7f2656609000, 131072) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file2", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5167] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file2") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5166] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... openat resumed>) = 4 [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5166] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... openat resumed>) = 5 [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] write(4, "\x00\x00", 2 [pid 5166] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... write resumed>) = 2 [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5166] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... mmap resumed>) = 0x20000000 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... mmap resumed>) = 0x7f2656608000 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached , parent_tid=[5168], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5168 [pid 5168] set_robust_list(0x7f26566289e0, 24 [pid 5166] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5166] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5168] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5168] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] getdents64(-1, [pid 5166] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [ 70.129011][ T5167] loop0: detected capacity change from 0 to 256 [ 70.140995][ T5167] exfat: Deprecated parameter 'utf8' [ 70.153565][ T5167] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5167] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] exit_group(0 [pid 5168] <... futex resumed>) = ? [pid 5167] <... futex resumed>) = ? [pid 5166] <... exit_group resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5169] chdir("./30") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5169] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5170 [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5170] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5170] munmap(0x7f2656609000, 131072) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file2", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5170] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file2") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 4 [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... openat resumed>) = 5 [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... futex resumed>) = 0 [pid 5170] write(4, "\x00\x00", 2) = 2 [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] <... futex resumed>) = 0 [pid 5170] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5169] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... mmap resumed>) = 0x20000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... mmap resumed>) = 0x7f2656608000 [pid 5170] <... futex resumed>) = 0 [pid 5169] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5170] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... mprotect resumed>) = 0 [pid 5169] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5171 attached , parent_tid=[5171], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5171 [pid 5169] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5171] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5171] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5171] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5171] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5170] getdents64(-1, [pid 5169] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5170] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5170] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 70.257119][ T5170] loop0: detected capacity change from 0 to 256 [ 70.267531][ T5170] exfat: Deprecated parameter 'utf8' [ 70.279156][ T5170] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5172 ./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5172] chdir("./31") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5172] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x7f265ea299e0, 24 [pid 5172] <... clone resumed>, parent_tid=[5173], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5173 [pid 5173] <... set_robust_list resumed>) = 0 [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5173] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5173] munmap(0x7f2656609000, 131072) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] mkdir("./file2", 0777) = 0 [pid 5173] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5173] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./file2") = 0 [pid 5173] ioctl(4, LOOP_CLR_FD) = 0 [pid 5173] close(4) = 0 [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... openat resumed>) = 4 [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] write(4, "\x00\x00", 2) = 2 [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... mmap resumed>) = 0x20000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5173] <... futex resumed>) = 0 [pid 5172] <... mmap resumed>) = 0x7f2656608000 [pid 5173] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7f26566289e0, 24 [pid 5172] <... clone resumed>, parent_tid=[5174], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5174 [pid 5174] <... set_robust_list resumed>) = 0 [pid 5172] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5172] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "", O_RDONLY [pid 5172] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5174] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5172] <... futex resumed>) = 1 [pid 5173] getdents64(-1, [pid 5172] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5173] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] exit_group(0 [pid 5174] <... futex resumed>) = ? [pid 5173] <... futex resumed>) = ? [pid 5172] <... exit_group resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 70.381986][ T5173] loop0: detected capacity change from 0 to 256 [ 70.392176][ T5173] exfat: Deprecated parameter 'utf8' [ 70.403627][ T5173] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5175 ./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5175] chdir("./32") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5175] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5176 attached , parent_tid=[5176], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5176 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5176] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5176] munmap(0x7f2656609000, 131072) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./file2", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5176] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file2") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] write(4, "\x00\x00", 2) = 2 [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5175] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5177], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5177 [pid 5175] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 1 [pid 5176] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x7f26566289e0, 24 [pid 5176] <... mmap resumed>) = 0x20000000 [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... set_robust_list resumed>) = 0 [pid 5177] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5177] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5177] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5176] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] exit_group(0) = ? [pid 5176] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5177] <... futex resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 70.517052][ T5176] loop0: detected capacity change from 0 to 256 [ 70.527006][ T5176] exfat: Deprecated parameter 'utf8' [ 70.537086][ T5176] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5178 ./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5178] chdir("./33") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5178] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5179], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5179 [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5179] memfd_create("syzkaller", 0) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5179] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5179] munmap(0x7f2656609000, 131072) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] mkdir("./file2", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5179] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] chdir("./file2") = 0 [pid 5179] ioctl(4, LOOP_CLR_FD) = 0 [pid 5179] close(4) = 0 [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5178] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... openat resumed>) = 5 [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5179] write(4, "\x00\x00", 2 [pid 5178] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... write resumed>) = 2 [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5178] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... mmap resumed>) = 0x20000000 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5179] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... mmap resumed>) = 0x7f2656608000 [pid 5178] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5180], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5180 [pid 5178] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5180 attached [pid 5178] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5180] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5180] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5180] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5180] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5178] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] exit_group(0 [pid 5179] <... futex resumed>) = ? [pid 5178] <... exit_group resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5180] <... futex resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 70.619289][ T5179] loop0: detected capacity change from 0 to 256 [ 70.628258][ T5179] exfat: Deprecated parameter 'utf8' [ 70.639809][ T5179] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5181 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5181] chdir("./34") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5181] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5182], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5182 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5182] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5182] munmap(0x7f2656609000, 131072) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] mkdir("./file2", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5182] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] chdir("./file2") = 0 [pid 5182] ioctl(4, LOOP_CLR_FD) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] write(4, "\x00\x00", 2) = 2 [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5181] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5183 attached , parent_tid=[5183], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5183 [pid 5181] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 1 [pid 5182] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5183] set_robust_list(0x7f26566289e0, 24 [pid 5182] <... mmap resumed>) = 0x20000000 [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... set_robust_list resumed>) = 0 [pid 5183] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5183] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5183] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5181] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5182] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5183] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] exit_group(0 [pid 5182] <... futex resumed>) = ? [pid 5181] <... exit_group resumed>) = ? [pid 5183] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 70.742199][ T5182] loop0: detected capacity change from 0 to 256 [ 70.750698][ T5182] exfat: Deprecated parameter 'utf8' [ 70.760805][ T5182] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5184] chdir("./35") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5184] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5185 attached , parent_tid=[5185], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5185 [pid 5185] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5185] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5185] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5185] munmap(0x7f2656609000, 131072) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file2", 0777) = 0 [pid 5185] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5185] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./file2") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] write(4, "\x00\x00", 2) = 2 [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5184] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5186], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5186 [pid 5184] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5186 attached ) = 0x20000000 [pid 5186] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5186] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5186] openat(AT_FDCWD, "", O_RDONLY [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5186] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] getdents64(-1, [pid 5186] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5185] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5184] exit_group(0) = ? [pid 5186] <... futex resumed>) = ? [pid 5185] <... futex resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 [ 70.878717][ T5185] loop0: detected capacity change from 0 to 256 [ 70.887741][ T5185] exfat: Deprecated parameter 'utf8' [ 70.897931][ T5185] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5187] chdir("./36") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5187] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5188 attached , parent_tid=[5188], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5188 [pid 5188] set_robust_list(0x7f265ea299e0, 24 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5187] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5188] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5188] munmap(0x7f2656609000, 131072) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file2", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5188] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file2") = 0 [pid 5188] ioctl(4, LOOP_CLR_FD) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] write(4, "\x00\x00", 2 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... write resumed>) = 2 [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5188] <... mmap resumed>) = 0x20000000 [pid 5187] <... mmap resumed>) = 0x7f2656608000 [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] <... mprotect resumed>) = 0 [pid 5187] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5189 [pid 5187] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5189] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5189] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5189] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5187] <... futex resumed>) = 1 [pid 5188] getdents64(-1, [pid 5187] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5188] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] exit_group(0) = ? [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 70.985995][ T5188] loop0: detected capacity change from 0 to 256 [ 70.995501][ T5188] exfat: Deprecated parameter 'utf8' [ 71.007470][ T5188] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5190 ./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5190] chdir("./37") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5190] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5190] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5191 attached , parent_tid=[5191], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5191 [pid 5191] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5191] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5190] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5191] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5191] munmap(0x7f2656609000, 131072) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] mkdir("./file2", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5191] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file2") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] <... futex resumed>) = 0 [pid 5191] write(4, "\x00\x00", 2 [pid 5190] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... write resumed>) = 2 [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5191] <... mmap resumed>) = 0x20000000 [pid 5190] <... mmap resumed>) = 0x7f2656608000 [pid 5190] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... mprotect resumed>) = 0 [pid 5190] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5192], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5192 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5192] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5192] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5192] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5190] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... futex resumed>) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5190] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5191] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] exit_group(0 [pid 5192] <... futex resumed>) = ? [pid 5191] <... futex resumed>) = ? [pid 5190] <... exit_group resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 71.125183][ T5191] loop0: detected capacity change from 0 to 256 [ 71.134317][ T5191] exfat: Deprecated parameter 'utf8' [ 71.144040][ T5191] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5193] chdir("./38") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5193] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5194 attached , parent_tid=[5194], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5194 [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5194] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5194] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5194] munmap(0x7f2656609000, 131072) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] mkdir("./file2", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5194] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./file2") = 0 [pid 5194] ioctl(4, LOOP_CLR_FD) = 0 [pid 5194] close(4) = 0 [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5193] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... openat resumed>) = 4 [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... openat resumed>) = 5 [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] write(4, "\x00\x00", 2) = 2 [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] <... mmap resumed>) = 0x20000000 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mmap resumed>) = 0x7f2656608000 [pid 5193] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5195 attached , parent_tid=[5195], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5195 [pid 5195] set_robust_list(0x7f26566289e0, 24 [pid 5193] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... set_robust_list resumed>) = 0 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5195] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5195] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5195] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5194] getdents64(-1, [pid 5193] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5194] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] exit_group(0 [pid 5194] <... futex resumed>) = ? [pid 5193] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 71.254416][ T5194] loop0: detected capacity change from 0 to 256 [ 71.264226][ T5194] exfat: Deprecated parameter 'utf8' [ 71.273715][ T5194] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5196 ./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5196] chdir("./39") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5196] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x7f265ea299e0, 24 [pid 5196] <... clone resumed>, parent_tid=[5197], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5197 [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5197] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5197] munmap(0x7f2656609000, 131072) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] mkdir("./file2", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5197] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file2") = 0 [pid 5197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5197] close(4) = 0 [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... openat resumed>) = 4 [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] write(4, "\x00\x00", 2) = 2 [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5196] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5198], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5198 [pid 5196] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5198 attached ) = 0 [pid 5198] set_robust_list(0x7f26566289e0, 24 [pid 5197] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5196] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... set_robust_list resumed>) = 0 [pid 5198] openat(AT_FDCWD, "", O_RDONLY [pid 5197] <... mmap resumed>) = 0x20000000 [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5197] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5197] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] exit_group(0 [pid 5198] <... futex resumed>) = ? [pid 5197] <... futex resumed>) = ? [pid 5196] <... exit_group resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 71.387065][ T5197] loop0: detected capacity change from 0 to 256 [ 71.395678][ T5197] exfat: Deprecated parameter 'utf8' [ 71.405814][ T5197] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5199] chdir("./40" [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5199 [pid 5199] <... chdir resumed>) = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5199] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5200 [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5200] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5200] munmap(0x7f2656609000, 131072) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file2", 0777) = 0 [pid 5200] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5200] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file2") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... openat resumed>) = 4 [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] write(4, "\x00\x00", 2) = 2 [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5200] <... mmap resumed>) = 0x20000000 [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] <... mmap resumed>) = 0x7f2656608000 [pid 5200] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5201 attached , parent_tid=[5201], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5201 [pid 5201] set_robust_list(0x7f26566289e0, 24 [pid 5199] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... set_robust_list resumed>) = 0 [pid 5201] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5201] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5201] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5201] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5199] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5200] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] exit_group(0) = ? [pid 5200] <... futex resumed>) = ? [pid 5201] <... futex resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 [ 71.511183][ T5200] loop0: detected capacity change from 0 to 256 [ 71.520394][ T5200] exfat: Deprecated parameter 'utf8' [ 71.531324][ T5200] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5202 ./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5202] chdir("./41") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5202] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5203], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5203 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5203] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5203] munmap(0x7f2656609000, 131072) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file2", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5203] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file2") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 1 [pid 5203] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 1 [pid 5203] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] write(4, "\x00\x00", 2 [pid 5202] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... write resumed>) = 2 [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... mmap resumed>) = 0x20000000 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5202] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5204 [pid 5202] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5204] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5204] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5204] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] getdents64(-1, [pid 5202] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5203] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] exit_group(0 [pid 5203] <... futex resumed>) = ? [pid 5202] <... exit_group resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 71.643068][ T5203] loop0: detected capacity change from 0 to 256 [ 71.653110][ T5203] exfat: Deprecated parameter 'utf8' [ 71.663832][ T5203] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5205 ./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5205] chdir("./42") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5205] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5206], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5206 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5206] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5206] munmap(0x7f2656609000, 131072) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file2", 0777) = 0 [pid 5206] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5206] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./file2") = 0 [pid 5206] ioctl(4, LOOP_CLR_FD) = 0 [pid 5206] close(4) = 0 [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] write(4, "\x00\x00", 2) = 2 [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5205] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5207], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5207 [pid 5205] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 1 [pid 5206] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 ./strace-static-x86_64: Process 5207 attached [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5207] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5207] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5207] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 0 [pid 5206] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5206] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5207] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] exit_group(0 [pid 5206] <... futex resumed>) = ? [pid 5205] <... exit_group resumed>) = ? [pid 5207] <... futex resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 71.765486][ T5206] loop0: detected capacity change from 0 to 256 [ 71.774815][ T5206] exfat: Deprecated parameter 'utf8' [ 71.786343][ T5206] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5208 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5208] chdir("./43") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5208] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5209 attached , parent_tid=[5209], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5209 [pid 5209] set_robust_list(0x7f265ea299e0, 24 [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... set_robust_list resumed>) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5209] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5209] munmap(0x7f2656609000, 131072) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file2", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5209] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file2") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... openat resumed>) = 4 [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] write(4, "\x00\x00", 2) = 2 [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5208] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5209] <... futex resumed>) = 1 [pid 5208] <... mprotect resumed>) = 0 [pid 5209] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5208] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5210 attached [pid 5209] <... mmap resumed>) = 0x20000000 [pid 5208] <... clone resumed>, parent_tid=[5210], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5210 [pid 5210] set_robust_list(0x7f26566289e0, 24 [pid 5208] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... set_robust_list resumed>) = 0 [pid 5210] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5210] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5210] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5210] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5209] getdents64(-1, [pid 5208] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5209] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 [ 71.903177][ T5209] loop0: detected capacity change from 0 to 256 [ 71.913262][ T5209] exfat: Deprecated parameter 'utf8' [ 71.923329][ T5209] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5211] chdir("./44") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5211] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5212] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... clone resumed>, parent_tid=[5212], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5212 [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5211] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5212] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5212] munmap(0x7f2656609000, 131072) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file2", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5212] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file2") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] write(4, "\x00\x00", 2) = 2 [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5211] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5212] <... mmap resumed>) = 0x20000000 [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... mmap resumed>) = 0x7f2656608000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5213 attached , parent_tid=[5213], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5213 [pid 5211] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5213] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5213] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5213] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5211] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5212] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] exit_group(0 [pid 5212] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5212] +++ exited with 0 +++ [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 [ 72.015567][ T5212] loop0: detected capacity change from 0 to 256 [ 72.025643][ T5212] exfat: Deprecated parameter 'utf8' [ 72.037288][ T5212] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x555556b3a6d0) = 5214 [pid 5214] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5214] chdir("./45") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5214] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x7f265ea299e0, 24 [pid 5214] <... clone resumed>, parent_tid=[5215], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5215 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5215] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5215] munmap(0x7f2656609000, 131072) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file2", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5215] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file2") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5214] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 4 [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5214] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 5 [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] write(4, "\x00\x00", 2 [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... write resumed>) = 2 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5215] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... mmap resumed>) = 0x20000000 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5214] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5216 [pid 5214] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5216] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5216] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5216] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5216] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] getdents64(-1, [pid 5214] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5215] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.139897][ T5215] loop0: detected capacity change from 0 to 256 [ 72.150272][ T5215] exfat: Deprecated parameter 'utf8' [ 72.160964][ T5215] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5217] chdir("./46") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5217] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7f265ea299e0, 24 [pid 5217] <... clone resumed>, parent_tid=[5218], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5218 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5218] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5218] munmap(0x7f2656609000, 131072) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file2", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5218] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file2") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 4 [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] write(4, "\x00\x00", 2) = 2 [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5217] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5218] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5217] <... clone resumed>, parent_tid=[5219], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5217] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] set_robust_list(0x7f26566289e0, 24 [pid 5217] <... futex resumed>) = 0 [pid 5219] <... set_robust_list resumed>) = 0 [pid 5217] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... mmap resumed>) = 0x20000000 [pid 5219] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = 1 [pid 5219] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5218] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5218] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 72.263194][ T5218] loop0: detected capacity change from 0 to 256 [ 72.273628][ T5218] exfat: Deprecated parameter 'utf8' [ 72.285146][ T5218] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5220 ./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5220] chdir("./47") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5220] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5221], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5221 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5221] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5221] munmap(0x7f2656609000, 131072) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./file2", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5221] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file2") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] write(4, "\x00\x00", 2) = 2 [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5220] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5222], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5222 [pid 5220] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 1 [pid 5221] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5222] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5222] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5222] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 0 [pid 5221] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5221] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] exit_group(0 [pid 5221] <... futex resumed>) = ? [pid 5220] <... exit_group resumed>) = ? [pid 5221] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 72.370159][ T5221] loop0: detected capacity change from 0 to 256 [ 72.381127][ T5221] exfat: Deprecated parameter 'utf8' [ 72.391832][ T5221] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5223 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5223] chdir("./48") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5223] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5224] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... clone resumed>, parent_tid=[5224], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5224 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] memfd_create("syzkaller", 0 [pid 5223] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] <... memfd_create resumed>) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5224] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5224] munmap(0x7f2656609000, 131072) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file2", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5224] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file2") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... openat resumed>) = 4 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... openat resumed>) = 5 [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] write(4, "\x00\x00", 2 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... write resumed>) = 2 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... mmap resumed>) = 0x20000000 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5223] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5225 [pid 5223] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5225] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5225] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5225] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5224] getdents64(-1, [pid 5223] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5224] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0 [pid 5224] <... futex resumed>) = ? [pid 5223] <... exit_group resumed>) = ? [pid 5225] <... futex resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 72.500216][ T5224] loop0: detected capacity change from 0 to 256 [ 72.510196][ T5224] exfat: Deprecated parameter 'utf8' [ 72.521017][ T5224] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5226] chdir("./49") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5226] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5227], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5227 [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5227] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5227] munmap(0x7f2656609000, 131072) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./file2", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5227] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file2") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 0 [pid 5227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 1 [pid 5227] write(4, "\x00\x00", 2) = 2 [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5226] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5228 attached , parent_tid=[5228], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5228 [pid 5226] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 1 [pid 5227] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5228] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5227] <... mmap resumed>) = 0x20000000 [pid 5228] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5228] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... futex resumed>) = 0 [pid 5227] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5227] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] exit_group(0) = ? [pid 5227] <... futex resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5228] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 72.623009][ T5227] loop0: detected capacity change from 0 to 256 [ 72.634200][ T5227] exfat: Deprecated parameter 'utf8' [ 72.644050][ T5227] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5229] chdir("./50") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5229] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached , parent_tid=[5230], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5230 [pid 5230] set_robust_list(0x7f265ea299e0, 24 [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] <... set_robust_list resumed>) = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5230] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5230] munmap(0x7f2656609000, 131072) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file2", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5230] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file2") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] <... openat resumed>) = 4 [pid 5229] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] <... openat resumed>) = 5 [pid 5229] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] write(4, "\x00\x00", 2 [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... write resumed>) = 2 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... mmap resumed>) = 0x20000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5229] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5231 [pid 5229] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5231] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5231] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5231] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5231] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] getdents64(-1, [pid 5229] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5230] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 72.741141][ T5230] loop0: detected capacity change from 0 to 256 [ 72.752080][ T5230] exfat: Deprecated parameter 'utf8' [ 72.762346][ T5230] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached , child_tidptr=0x555556b3a6d0) = 5232 [pid 5232] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5232] chdir("./51") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5232] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5233], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5233 [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5233] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5233] munmap(0x7f2656609000, 131072) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./file2", 0777) = 0 [pid 5233] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5233] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file2") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] write(4, "\x00\x00", 2) = 2 [pid 5232] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5232] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5234 attached , parent_tid=[5234], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5234 [pid 5232] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5232] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5234] set_robust_list(0x7f26566289e0, 24 [pid 5233] <... mmap resumed>) = 0x20000000 [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5234] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5234] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] getdents64(-1, [pid 5232] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5233] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.852279][ T5233] loop0: detected capacity change from 0 to 256 [ 72.862557][ T5233] exfat: Deprecated parameter 'utf8' [ 72.872488][ T5233] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x555556b3a6d0) = 5235 [pid 5235] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5235] chdir("./52") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5235] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5236 attached , parent_tid=[5236], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5236 [pid 5236] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5236] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5236] munmap(0x7f2656609000, 131072) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file2", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5236] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file2") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... openat resumed>) = 4 [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... openat resumed>) = 5 [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] write(4, "\x00\x00", 2 [pid 5235] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... write resumed>) = 2 [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5235] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... mmap resumed>) = 0x20000000 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... mmap resumed>) = 0x7f2656608000 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5237], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5235] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5237] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5237] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5237] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5237] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5236] getdents64(-1, [pid 5235] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5236] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0 [pid 5237] <... futex resumed>) = ? [pid 5236] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 [ 72.964398][ T5236] loop0: detected capacity change from 0 to 256 [ 72.973116][ T5236] exfat: Deprecated parameter 'utf8' [ 72.983911][ T5236] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5238] chdir("./53") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5238] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5239], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5239 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5239] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5239] munmap(0x7f2656609000, 131072) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file2", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5239] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file2") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... openat resumed>) = 4 [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5239] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... openat resumed>) = 5 [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5239] write(4, "\x00\x00", 2 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... write resumed>) = 2 [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5239] <... mmap resumed>) = 0x20000000 [pid 5238] <... mmap resumed>) = 0x7f2656608000 [pid 5238] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached , parent_tid=[5240], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5240 [pid 5240] set_robust_list(0x7f26566289e0, 24 [pid 5238] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5240] openat(AT_FDCWD, "", O_RDONLY [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5240] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5239] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] exit_group(0) = ? [pid 5239] <... futex resumed>) = ? [pid 5240] <... futex resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 73.083938][ T5239] loop0: detected capacity change from 0 to 256 [ 73.093819][ T5239] exfat: Deprecated parameter 'utf8' [ 73.103254][ T5239] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5241] chdir("./54") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5241] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5242 attached , parent_tid=[5242], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5242 [pid 5242] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5242] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5242] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5242] munmap(0x7f2656609000, 131072) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file2", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5242] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file2") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... openat resumed>) = 5 [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] write(4, "\x00\x00", 2 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... write resumed>) = 2 [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5241] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5241] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5242] <... mmap resumed>) = 0x20000000 [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... clone resumed>, parent_tid=[5243], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5243 ./strace-static-x86_64: Process 5243 attached [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] set_robust_list(0x7f26566289e0, 24 [pid 5242] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5241] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5243] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5243] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... futex resumed>) = 0 [pid 5242] getdents64(-1, [pid 5243] <... futex resumed>) = 1 [pid 5242] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5243] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0) = ? [pid 5242] <... futex resumed>) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.198205][ T5242] loop0: detected capacity change from 0 to 256 [ 73.207422][ T5242] exfat: Deprecated parameter 'utf8' [ 73.218531][ T5242] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5244] chdir("./55") = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5244 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5244] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7f265ea299e0, 24 [pid 5244] <... clone resumed>, parent_tid=[5245], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5245 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5245] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5245] munmap(0x7f2656609000, 131072) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file2", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5245] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file2") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5244] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5244] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... openat resumed>) = 5 [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] write(4, "\x00\x00", 2 [pid 5244] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... write resumed>) = 2 [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... mmap resumed>) = 0x20000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5245] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... mmap resumed>) = 0x7f2656608000 [pid 5244] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5246 attached , parent_tid=[5246], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5246 [pid 5246] set_robust_list(0x7f26566289e0, 24 [pid 5244] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5246] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5246] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] getdents64(-1, [pid 5244] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5246] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5244] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 73.312631][ T5245] loop0: detected capacity change from 0 to 256 [ 73.322419][ T5245] exfat: Deprecated parameter 'utf8' [ 73.331979][ T5245] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x555556b3a6d0) = 5247 [pid 5247] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5247] chdir("./56") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5247] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x7f265ea299e0, 24 [pid 5247] <... clone resumed>, parent_tid=[5248], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5248 [pid 5248] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5248] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5248] munmap(0x7f2656609000, 131072) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file2", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5248] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file2") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... openat resumed>) = 4 [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] write(4, "\x00\x00", 2 [pid 5247] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... write resumed>) = 2 [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5247] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... mmap resumed>) = 0x20000000 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... mmap resumed>) = 0x7f2656608000 [pid 5247] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5249], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5249 ./strace-static-x86_64: Process 5249 attached [pid 5247] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5249] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5249] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5249] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] getdents64(-1, [pid 5247] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5248] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5249] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] exit_group(0 [pid 5248] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5249] <... futex resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 73.437685][ T5248] loop0: detected capacity change from 0 to 256 [ 73.448494][ T5248] exfat: Deprecated parameter 'utf8' [ 73.459448][ T5248] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x555556b3a6d0) = 5250 [pid 5250] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5250] chdir("./57") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5250] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5251] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... clone resumed>, parent_tid=[5251], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5251 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5251] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5251] munmap(0x7f2656609000, 131072) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file2", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5251] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file2") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] write(4, "\x00\x00", 2) = 2 [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5250] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5252 [pid 5250] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5252] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5252] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5252] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5251] getdents64(-1, [pid 5250] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5251] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 73.571688][ T5251] loop0: detected capacity change from 0 to 256 [ 73.582998][ T5251] exfat: Deprecated parameter 'utf8' [ 73.593797][ T5251] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5253 ./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5253] chdir("./58") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5253] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5254], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5254 [pid 5253] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5254] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5254] munmap(0x7f2656609000, 131072) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file2", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5254] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file2") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5254] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... openat resumed>) = 5 [pid 5254] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] write(4, "\x00\x00", 2) = 2 [pid 5254] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5253] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5255 [pid 5253] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5255] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5255] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5255] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5255] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5255] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] exit_group(0 [pid 5255] <... futex resumed>) = ? [ 73.676611][ T5254] loop0: detected capacity change from 0 to 256 [ 73.683173][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 73.687077][ T5254] exfat: Deprecated parameter 'utf8' [ 73.704204][ T5254] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5253] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5256] chdir("./59") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5256] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5257 attached , parent_tid=[5257], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5257 [pid 5257] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5257] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5257] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5257] munmap(0x7f2656609000, 131072) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file2", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5257] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file2") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5256] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5256] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 5 [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] write(4, "\x00\x00", 2 [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... write resumed>) = 2 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5256] <... futex resumed>) = 0 [pid 5257] <... mmap resumed>) = 0x20000000 [pid 5256] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... mmap resumed>) = 0x7f2656608000 [pid 5256] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5258 ./strace-static-x86_64: Process 5258 attached [pid 5256] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] set_robust_list(0x7f26566289e0, 24 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... set_robust_list resumed>) = 0 [pid 5258] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5258] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5258] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] getdents64(-1, [pid 5256] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5257] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5258] <... futex resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 [ 73.814464][ T5257] loop0: detected capacity change from 0 to 256 [ 73.824133][ T5257] exfat: Deprecated parameter 'utf8' [ 73.835651][ T5257] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5259] chdir("./60") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5259] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5260 attached , parent_tid=[5260], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5260 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5260] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5260] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5260] munmap(0x7f2656609000, 131072) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file2", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5260] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file2") = 0 [pid 5260] ioctl(4, LOOP_CLR_FD) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] write(4, "\x00\x00", 2) = 2 [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5260] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5259] <... mmap resumed>) = 0x7f2656608000 [pid 5260] <... mmap resumed>) = 0x20000000 [pid 5259] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... mprotect resumed>) = 0 [pid 5259] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5261 attached , parent_tid=[5261], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5261 [pid 5261] set_robust_list(0x7f26566289e0, 24 [pid 5259] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... set_robust_list resumed>) = 0 [pid 5261] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5261] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5261] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 0 [pid 5259] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 1 [pid 5260] getdents64(-1, [pid 5259] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5260] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... futex resumed>) = ? [pid 5259] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 73.939744][ T5260] loop0: detected capacity change from 0 to 256 [ 73.949019][ T5260] exfat: Deprecated parameter 'utf8' [ 73.961148][ T5260] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5262] chdir("./61") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5262] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5263] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... clone resumed>, parent_tid=[5263], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5263 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] memfd_create("syzkaller", 0 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] <... memfd_create resumed>) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5263] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5263] munmap(0x7f2656609000, 131072) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file2", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5263] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file2") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] write(4, "\x00\x00", 2) = 2 [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5262] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5264 [pid 5262] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 1 [pid 5263] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5264 attached ) = 0x20000000 [pid 5264] set_robust_list(0x7f26566289e0, 24 [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... set_robust_list resumed>) = 0 [pid 5264] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5264] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5264] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 0 [pid 5263] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5263] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] exit_group(0) = ? [pid 5263] <... futex resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 [ 74.074878][ T5263] loop0: detected capacity change from 0 to 256 [ 74.084460][ T5263] exfat: Deprecated parameter 'utf8' [ 74.094328][ T5263] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5265] chdir("./62") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5265] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5266], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5266 [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5266] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5266] munmap(0x7f2656609000, 131072) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] mkdir("./file2", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5266] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5266] chdir("./file2") = 0 [pid 5266] ioctl(4, LOOP_CLR_FD) = 0 [pid 5266] close(4) = 0 [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5265] <... futex resumed>) = 0 [pid 5266] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5265] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... openat resumed>) = 4 [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5265] <... futex resumed>) = 0 [pid 5266] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5265] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... openat resumed>) = 5 [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5265] <... futex resumed>) = 0 [pid 5266] write(4, "\x00\x00", 2 [pid 5265] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... write resumed>) = 2 [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5265] <... futex resumed>) = 0 [pid 5266] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5265] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... mmap resumed>) = 0x20000000 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5266] <... futex resumed>) = 0 [pid 5265] <... mmap resumed>) = 0x7f2656608000 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5267 attached , parent_tid=[5267], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5267 [pid 5265] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5267] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5267] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5267] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5267] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5266] getdents64(-1, [pid 5265] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5266] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5266] <... futex resumed>) = ? [pid 5265] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 74.199217][ T5266] loop0: detected capacity change from 0 to 256 [ 74.208707][ T5266] exfat: Deprecated parameter 'utf8' [ 74.218773][ T5266] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./62/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5268] chdir("./63") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5268] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5269], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5269 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5269] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5269] munmap(0x7f2656609000, 131072) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./file2", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5269] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file2") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 1 [pid 5269] write(4, "\x00\x00", 2) = 2 [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5268] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5270 ./strace-static-x86_64: Process 5270 attached [pid 5268] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 1 [pid 5269] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5270] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5269] <... mmap resumed>) = 0x20000000 [pid 5270] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5270] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5269] getdents64(-1, [pid 5268] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5269] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] exit_group(0 [pid 5269] <... futex resumed>) = ? [pid 5268] <... exit_group resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 74.311475][ T5269] loop0: detected capacity change from 0 to 256 [ 74.312896][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 74.333009][ T5269] exfat: Deprecated parameter 'utf8' [ 74.343831][ T5269] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5271] chdir("./64") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5271] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5272 attached , parent_tid=[5272], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5272 [pid 5272] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5272] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] memfd_create("syzkaller", 0 [pid 5271] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5272] <... memfd_create resumed>) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5272] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5272] munmap(0x7f2656609000, 131072) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./file2", 0777) = 0 [pid 5272] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5272] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file2") = 0 [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5271] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... openat resumed>) = 4 [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] write(4, "\x00\x00", 2 [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... write resumed>) = 2 [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] <... mmap resumed>) = 0x20000000 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5271] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... mprotect resumed>) = 0 [pid 5271] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5272] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5273 attached [pid 5271] <... clone resumed>, parent_tid=[5273], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5273 [pid 5272] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5273] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5273] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5273] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5272] getdents64(-1, [pid 5271] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5272] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] exit_group(0 [pid 5272] <... futex resumed>) = ? [pid 5271] <... exit_group resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 74.449880][ T5272] loop0: detected capacity change from 0 to 256 [ 74.458476][ T5272] exfat: Deprecated parameter 'utf8' [ 74.469963][ T5272] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5274 ./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5274] chdir("./65") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5274] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5275 attached , parent_tid=[5275], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5275 [pid 5275] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5275] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5275] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5275] munmap(0x7f2656609000, 131072) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file2", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5275] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file2") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] write(4, "\x00\x00", 2) = 2 [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5274] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5276], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5276 [pid 5274] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 1 [pid 5275] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5276] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5276] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5276] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 0 [pid 5275] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5275] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ [pid 5276] <... futex resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5277 ./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5277] chdir("./66") = 0 [ 74.566737][ T5275] loop0: detected capacity change from 0 to 256 [ 74.575656][ T5275] exfat: Deprecated parameter 'utf8' [ 74.586590][ T5275] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5277] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5278], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5278] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5278] munmap(0x7f2656609000, 131072) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./file2", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5278] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file2") = 0 [pid 5278] ioctl(4, LOOP_CLR_FD) = 0 [pid 5278] close(4) = 0 [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 1 [pid 5278] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... openat resumed>) = 5 [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] write(4, "\x00\x00", 2 [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... write resumed>) = 2 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... mmap resumed>) = 0x20000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5278] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... mmap resumed>) = 0x7f2656608000 [pid 5277] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5279], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5279 [pid 5277] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5279] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5279] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5279] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] getdents64(-1, [pid 5277] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5278] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0 [pid 5278] <... futex resumed>) = ? [pid 5277] <... exit_group resumed>) = ? [pid 5278] +++ exited with 0 +++ [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 74.674609][ T5278] loop0: detected capacity change from 0 to 256 [ 74.685266][ T5278] exfat: Deprecated parameter 'utf8' [ 74.695078][ T5278] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5280] chdir("./67") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5280] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5281 attached , parent_tid=[5281], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5281 [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5281] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5281] munmap(0x7f2656609000, 131072) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file2", 0777) = 0 [pid 5281] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5281] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file2") = 0 [pid 5281] ioctl(4, LOOP_CLR_FD) = 0 [pid 5281] close(4) = 0 [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5281] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5280] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... openat resumed>) = 5 [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5281] write(4, "\x00\x00", 2 [pid 5280] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... write resumed>) = 2 [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5280] <... futex resumed>) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5281] <... mmap resumed>) = 0x20000000 [pid 5280] <... mmap resumed>) = 0x7f2656608000 [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... mprotect resumed>) = 0 [pid 5280] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5282 attached , parent_tid=[5282], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5282 [pid 5282] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5282] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5282] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5282] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5282] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5281] getdents64(-1, [pid 5280] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5281] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] exit_group(0 [pid 5281] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5280] <... exit_group resumed>) = ? [pid 5281] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 74.796393][ T5281] loop0: detected capacity change from 0 to 256 [ 74.804888][ T5281] exfat: Deprecated parameter 'utf8' [ 74.815468][ T5281] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5283 ./strace-static-x86_64: Process 5283 attached [pid 5283] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5283] chdir("./68") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5283] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5284 attached , parent_tid=[5284], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5284 [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5284] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5284] munmap(0x7f2656609000, 131072) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./file2", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5284] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file2") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 4 [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] write(4, "\x00\x00", 2) = 2 [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5283] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5285 attached , parent_tid=[5285], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5285 [pid 5285] set_robust_list(0x7f26566289e0, 24 [pid 5283] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5283] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... set_robust_list resumed>) = 0 [pid 5285] openat(AT_FDCWD, "", O_RDONLY [pid 5284] <... mmap resumed>) = 0x20000000 [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5285] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5285] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] getdents64(-1, [pid 5283] <... futex resumed>) = 0 [pid 5284] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5283] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... futex resumed>) = 0 [pid 5283] exit_group(0 [pid 5284] ???( [pid 5283] <... exit_group resumed>) = ? [pid 5284] <... ??? resumed>) = ? [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 [ 74.937488][ T5284] loop0: detected capacity change from 0 to 256 [ 74.947927][ T5284] exfat: Deprecated parameter 'utf8' [ 74.959203][ T5284] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5286] chdir("./69") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5286] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5287] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... clone resumed>, parent_tid=[5287], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5287 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5286] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5287] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5287] munmap(0x7f2656609000, 131072) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] mkdir("./file2", 0777) = 0 [pid 5287] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5287] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file2") = 0 [pid 5287] ioctl(4, LOOP_CLR_FD) = 0 [pid 5287] close(4) = 0 [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... openat resumed>) = 4 [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... openat resumed>) = 5 [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] write(4, "\x00\x00", 2 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... write resumed>) = 2 [pid 5286] <... futex resumed>) = 0 [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... mmap resumed>) = 0x20000000 [pid 5286] <... futex resumed>) = 0 [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 0 [pid 5287] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5286] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5288 ./strace-static-x86_64: Process 5288 attached [pid 5286] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5288] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5288] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5288] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5286] <... futex resumed>) = 1 [pid 5288] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] getdents64(-1, [pid 5286] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5287] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] exit_group(0 [pid 5287] <... futex resumed>) = ? [pid 5286] <... exit_group resumed>) = ? [pid 5288] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 [ 75.069945][ T5287] loop0: detected capacity change from 0 to 256 [ 75.080398][ T5287] exfat: Deprecated parameter 'utf8' [ 75.090213][ T5287] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5289 ./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5289] chdir("./70") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5289] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5290] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... clone resumed>, parent_tid=[5290], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5290 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5290] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5290] munmap(0x7f2656609000, 131072) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file2", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5290] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file2") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] write(4, "\x00\x00", 2) = 2 [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5289] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5291], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5291 [pid 5289] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5291] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5291] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5291] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5290] getdents64(-1, [pid 5289] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5290] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5291] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] exit_group(0 [pid 5290] <... futex resumed>) = ? [pid 5289] <... exit_group resumed>) = ? [pid 5291] <... futex resumed>) = ? [pid 5290] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 [ 75.181761][ T5290] loop0: detected capacity change from 0 to 256 [ 75.191448][ T5290] exfat: Deprecated parameter 'utf8' [ 75.201539][ T5290] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5292] chdir("./71") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5292] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5293 attached , parent_tid=[5293], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5293 [pid 5293] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5293] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5293] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5293] munmap(0x7f2656609000, 131072) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./file2", 0777) = 0 [pid 5293] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5293] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file2") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [pid 5293] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [pid 5293] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [ 75.301571][ T5293] loop0: detected capacity change from 0 to 256 [ 75.320407][ T5293] exfat: Deprecated parameter 'utf8' [ 75.331359][ T5293] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5293] write(4, "\x00\x00", 2) = 2 [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5292] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5294], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5294 ./strace-static-x86_64: Process 5294 attached [pid 5292] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 0 [pid 5293] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5294] set_robust_list(0x7f26566289e0, 24 [pid 5293] <... mmap resumed>) = 0x20000000 [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... set_robust_list resumed>) = 0 [pid 5294] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5294] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5294] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 0 [pid 5293] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5293] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] exit_group(0) = ? [pid 5293] <... futex resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5294] <... futex resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5295] chdir("./72") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5295] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5296], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5296 [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5296] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5296] munmap(0x7f2656609000, 131072) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file2", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5296] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file2") = 0 [pid 5296] ioctl(4, LOOP_CLR_FD) = 0 [pid 5296] close(4) = 0 [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... openat resumed>) = 4 [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] <... openat resumed>) = 5 [pid 5295] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] write(4, "\x00\x00", 2 [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... write resumed>) = 2 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... mmap resumed>) = 0x20000000 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5295] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached , parent_tid=[5297], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5297 [pid 5295] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5297] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5297] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5297] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5297] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] getdents64(-1, [pid 5295] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5296] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5296] <... futex resumed>) = ? [pid 5295] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.433830][ T5296] loop0: detected capacity change from 0 to 256 [ 75.443653][ T5296] exfat: Deprecated parameter 'utf8' [ 75.454144][ T5296] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5298] chdir("./73") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5298] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5299], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5299] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5298] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] memfd_create("syzkaller", 0) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5299] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5299] munmap(0x7f2656609000, 131072) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] mkdir("./file2", 0777) = 0 [pid 5299] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5299] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file2") = 0 [pid 5299] ioctl(4, LOOP_CLR_FD) = 0 [pid 5299] close(4) = 0 [pid 5299] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5298] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 4 [pid 5299] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5298] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 5 [pid 5299] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] write(4, "\x00\x00", 2) = 2 [pid 5299] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5298] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5300 attached , parent_tid=[5300], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5300 [pid 5300] set_robust_list(0x7f26566289e0, 24 [pid 5298] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5299] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5300] <... openat resumed>) = 6 [pid 5300] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... mmap resumed>) = 0x20000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5300] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5298] exit_group(0) = ? [pid 5300] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 75.564534][ T5299] loop0: detected capacity change from 0 to 256 [ 75.575399][ T5299] exfat: Deprecated parameter 'utf8' [ 75.585324][ T5299] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5301 ./strace-static-x86_64: Process 5301 attached [pid 5301] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5301] chdir("./74") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5301] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5302], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5302 [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5302] memfd_create("syzkaller", 0) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5302] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5302] munmap(0x7f2656609000, 131072) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] mkdir("./file2", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5302] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file2") = 0 [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] write(4, "\x00\x00", 2 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... write resumed>) = 2 [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5302] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5301] <... mmap resumed>) = 0x7f2656608000 [pid 5301] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] <... mmap resumed>) = 0x20000000 [pid 5301] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... clone resumed>, parent_tid=[5303], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5303 [pid 5301] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5303] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5303] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5301] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5303] <... futex resumed>) = 1 [pid 5302] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... futex resumed>) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] exit_group(0) = ? [pid 5302] <... futex resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5303] <... futex resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 [ 75.680546][ T5302] loop0: detected capacity change from 0 to 256 [ 75.690292][ T5302] exfat: Deprecated parameter 'utf8' [ 75.701208][ T5302] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5304 ./strace-static-x86_64: Process 5304 attached [pid 5304] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5304] chdir("./75") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5304] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5305 attached , parent_tid=[5305], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5305 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5305] memfd_create("syzkaller", 0) = 3 [pid 5304] <... futex resumed>) = 0 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5305] munmap(0x7f2656609000, 131072) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] mkdir("./file2", 0777) = 0 [pid 5305] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5305] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] chdir("./file2") = 0 [pid 5305] ioctl(4, LOOP_CLR_FD) = 0 [pid 5305] close(4) = 0 [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] write(4, "\x00\x00", 2) = 2 [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5304] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5306 attached , parent_tid=[5306], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5306 [pid 5304] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 1 [pid 5305] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5306] set_robust_list(0x7f26566289e0, 24 [pid 5305] <... mmap resumed>) = 0x20000000 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5306] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5306] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 0 [pid 5305] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5305] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] exit_group(0) = ? [pid 5305] <... futex resumed>) = ? [pid 5305] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5304, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 [ 75.809157][ T5305] loop0: detected capacity change from 0 to 256 [ 75.818316][ T5305] exfat: Deprecated parameter 'utf8' [ 75.829292][ T5305] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5307 ./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5307] chdir("./76") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5307] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5308 attached , parent_tid=[5308], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5308 [pid 5308] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5307] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] memfd_create("syzkaller", 0) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5308] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5308] munmap(0x7f2656609000, 131072) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] mkdir("./file2", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5308] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file2") = 0 [pid 5308] ioctl(4, LOOP_CLR_FD) = 0 [pid 5308] close(4) = 0 [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5307] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... openat resumed>) = 4 [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5307] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... openat resumed>) = 5 [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] write(4, "\x00\x00", 2 [pid 5307] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... write resumed>) = 2 [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] <... futex resumed>) = 0 [pid 5308] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5307] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... mmap resumed>) = 0x20000000 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... mmap resumed>) = 0x7f2656608000 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5309], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5309 [pid 5307] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5309] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5309] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5309] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] getdents64(-1, [pid 5307] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5308] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] <... futex resumed>) = 0 [pid 5308] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5307] <... exit_group resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5309] <... futex resumed>) = ? [pid 5309] +++ exited with 0 +++ [pid 5307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 75.947861][ T5308] loop0: detected capacity change from 0 to 256 [ 75.957237][ T5308] exfat: Deprecated parameter 'utf8' [ 75.968774][ T5308] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5310 attached , child_tidptr=0x555556b3a6d0) = 5310 [pid 5310] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5310] chdir("./77") = 0 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5310] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5311 attached , parent_tid=[5311], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5311 [pid 5311] set_robust_list(0x7f265ea299e0, 24 [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] <... set_robust_list resumed>) = 0 [pid 5310] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5311] memfd_create("syzkaller", 0) = 3 [pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5311] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5311] munmap(0x7f2656609000, 131072) = 0 [pid 5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5311] close(3) = 0 [pid 5311] mkdir("./file2", 0777) = 0 [pid 5311] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5311] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5311] chdir("./file2") = 0 [pid 5311] ioctl(4, LOOP_CLR_FD) = 0 [pid 5311] close(4) = 0 [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5310] <... futex resumed>) = 0 [pid 5310] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... openat resumed>) = 4 [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5310] <... futex resumed>) = 0 [pid 5310] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... openat resumed>) = 5 [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] write(4, "\x00\x00", 2) = 2 [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5310] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5312 attached , parent_tid=[5312], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5312 [pid 5310] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5312] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5311] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... openat resumed>) = 6 [pid 5312] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5312] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5311] getdents64(6, [pid 5310] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5311] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] exit_group(0) = ? [pid 5311] +++ exited with 0 +++ [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.055779][ T5311] loop0: detected capacity change from 0 to 256 [ 76.067267][ T5311] exfat: Deprecated parameter 'utf8' [ 76.078816][ T5311] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5313 ./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5313] chdir("./78") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5313] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5314 attached , parent_tid=[5314], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5314 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5314] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5314] munmap(0x7f2656609000, 131072) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file2", 0777) = 0 [pid 5314] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5314] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file2") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 4 [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 5 [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] write(4, "\x00\x00", 2 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... write resumed>) = 2 [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5314] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5313] <... mmap resumed>) = 0x7f2656608000 [pid 5313] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] <... mmap resumed>) = 0x20000000 [pid 5313] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... clone resumed>, parent_tid=[5315], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5315 [pid 5313] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5315] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5314] <... futex resumed>) = 0 [pid 5315] openat(AT_FDCWD, "", O_RDONLY [pid 5314] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5315] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... futex resumed>) = 1 [pid 5315] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... futex resumed>) = 0 [pid 5314] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5314] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0) = ? [pid 5314] <... futex resumed>) = ? [pid 5315] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 [ 76.198422][ T5314] loop0: detected capacity change from 0 to 256 [ 76.208431][ T5314] exfat: Deprecated parameter 'utf8' [ 76.219036][ T5314] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5316 ./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5316] chdir("./79") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5316] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5317 attached , parent_tid=[5317], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5317 [pid 5317] set_robust_list(0x7f265ea299e0, 24 [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5316] <... futex resumed>) = 0 [pid 5317] memfd_create("syzkaller", 0 [pid 5316] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5317] <... memfd_create resumed>) = 3 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5317] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5317] munmap(0x7f2656609000, 131072) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5317] close(3) = 0 [pid 5317] mkdir("./file2", 0777) = 0 [pid 5317] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5317] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5317] chdir("./file2") = 0 [pid 5317] ioctl(4, LOOP_CLR_FD) = 0 [pid 5317] close(4) = 0 [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [pid 5317] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [pid 5317] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] <... futex resumed>) = 0 [pid 5317] write(4, "\x00\x00", 2 [pid 5316] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... write resumed>) = 2 [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] <... futex resumed>) = 0 [pid 5317] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5316] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5317] <... mmap resumed>) = 0x20000000 [pid 5316] <... mmap resumed>) = 0x7f2656608000 [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5317] <... futex resumed>) = 0 [pid 5316] <... mprotect resumed>) = 0 [pid 5317] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f26566289e0, 24 [pid 5316] <... clone resumed>, parent_tid=[5318], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5318 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5316] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5316] <... futex resumed>) = 0 [pid 5318] openat(AT_FDCWD, "", O_RDONLY [pid 5316] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5318] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5318] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5317] getdents64(-1, [pid 5316] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5317] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] exit_group(0 [pid 5318] <... futex resumed>) = ? [pid 5317] <... futex resumed>) = ? [pid 5316] <... exit_group resumed>) = ? [pid 5317] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 76.324020][ T5317] loop0: detected capacity change from 0 to 256 [ 76.332643][ T5317] exfat: Deprecated parameter 'utf8' [ 76.343506][ T5317] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x555556b3a6d0) = 5319 [pid 5319] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5319] chdir("./80") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5319] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5320 attached , parent_tid=[5320], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5320 [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5320] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5320] munmap(0x7f2656609000, 131072) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file2", 0777) = 0 [pid 5320] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5320] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file2") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] write(4, "\x00\x00", 2) = 2 [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5319] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5321], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5321 [pid 5319] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.459039][ T5320] loop0: detected capacity change from 0 to 256 [ 76.471651][ T5320] exfat: Deprecated parameter 'utf8' [ 76.484145][ T5320] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5319] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = 1 [pid 5320] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5321 attached [pid 5321] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5321] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5321] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5321] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5321] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5319] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5320] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] exit_group(0 [pid 5321] <... futex resumed>) = ? [pid 5320] <... futex resumed>) = ? [pid 5319] <... exit_group resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5322 ./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5322] chdir("./81") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5322] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5323], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5323 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5323] memfd_create("syzkaller", 0) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5323] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5323] munmap(0x7f2656609000, 131072) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5323] close(3) = 0 [pid 5323] mkdir("./file2", 0777) = 0 [pid 5323] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5323] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5323] chdir("./file2") = 0 [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] write(4, "\x00\x00", 2) = 2 [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5323] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5322] <... mmap resumed>) = 0x7f2656608000 [pid 5322] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5324], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5324 [pid 5322] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.641933][ T5323] loop0: detected capacity change from 0 to 256 [ 76.654278][ T5323] exfat: Deprecated parameter 'utf8' [ 76.666912][ T5323] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5322] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... mmap resumed>) = 0x20000000 [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5324] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5324] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5324] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5322] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5323] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] exit_group(0 [pid 5323] <... futex resumed>) = ? [pid 5322] <... exit_group resumed>) = ? [pid 5323] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5325 ./strace-static-x86_64: Process 5325 attached [pid 5325] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5325] chdir("./82") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5325] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5326], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5326 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5326] memfd_create("syzkaller", 0) = 3 [pid 5326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5326] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5326] munmap(0x7f2656609000, 131072) = 0 [pid 5326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5326] close(3) = 0 [pid 5326] mkdir("./file2", 0777) = 0 [pid 5326] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5326] chdir("./file2") = 0 [pid 5326] ioctl(4, LOOP_CLR_FD) = 0 [pid 5326] close(4) = 0 [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 1 [pid 5326] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 1 [pid 5326] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 1 [pid 5326] write(4, "\x00\x00", 2) = 2 [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5325] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5327], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5327 [pid 5325] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... futex resumed>) = 1 [pid 5326] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5327 attached ) = 0x20000000 [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.794255][ T5326] loop0: detected capacity change from 0 to 256 [ 76.806045][ T5326] exfat: Deprecated parameter 'utf8' [ 76.818709][ T5326] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5326] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5327] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5327] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5327] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5326] getdents64(-1, [pid 5325] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5326] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5326] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5325] <... exit_group resumed>) = ? [pid 5327] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5328 ./strace-static-x86_64: Process 5328 attached [pid 5328] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5328] chdir("./83") = 0 [pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5328] setpgid(0, 0) = 0 [pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5328] write(3, "1000", 4) = 4 [pid 5328] close(3) = 0 [pid 5328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5328] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5329], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5329 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5329] memfd_create("syzkaller", 0) = 3 [pid 5329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5329] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5329] munmap(0x7f2656609000, 131072) = 0 [pid 5329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5329] close(3) = 0 [pid 5329] mkdir("./file2", 0777) = 0 [pid 5329] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5329] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5329] chdir("./file2") = 0 [pid 5329] ioctl(4, LOOP_CLR_FD) = 0 [pid 5329] close(4) = 0 [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... futex resumed>) = 1 [pid 5329] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... futex resumed>) = 1 [pid 5329] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... futex resumed>) = 1 [pid 5329] write(4, "\x00\x00", 2) = 2 [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5328] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5328] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5330 [pid 5328] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... futex resumed>) = 1 [pid 5329] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5330] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5330] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5330] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... futex resumed>) = 0 [pid 5328] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5328] <... futex resumed>) = 1 [pid 5329] getdents64(-1, [pid 5328] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5329] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5329] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5328] <... futex resumed>) = 0 [pid 5329] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] exit_group(0 [pid 5329] <... futex resumed>) = ? [pid 5328] <... exit_group resumed>) = ? [pid 5329] +++ exited with 0 +++ [pid 5330] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5328, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 [ 76.940972][ T5329] loop0: detected capacity change from 0 to 256 [ 76.953056][ T5329] exfat: Deprecated parameter 'utf8' [ 76.965837][ T5329] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5331] chdir("./84") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5331] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5332], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5332 [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5332] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5332] munmap(0x7f2656609000, 131072) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] mkdir("./file2", 0777) = 0 [pid 5332] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5332] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./file2") = 0 [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [pid 5332] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [pid 5332] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] write(4, "\x00\x00", 2) = 2 [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5331] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5333 attached , parent_tid=[5333], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5333 [pid 5333] set_robust_list(0x7f26566289e0, 24 [pid 5331] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5332] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5331] <... futex resumed>) = 0 [pid 5333] openat(AT_FDCWD, "", O_RDONLY [pid 5331] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... mmap resumed>) = 0x20000000 [pid 5333] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5332] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5332] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] exit_group(0 [pid 5332] <... futex resumed>) = ? [pid 5333] <... futex resumed>) = ? [pid 5331] <... exit_group resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 77.076679][ T5332] loop0: detected capacity change from 0 to 256 [ 77.089276][ T5332] exfat: Deprecated parameter 'utf8' [ 77.101178][ T5332] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5334] chdir("./85") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5334] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5335], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5335 [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5335] memfd_create("syzkaller", 0) = 3 [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5335] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5335] munmap(0x7f2656609000, 131072) = 0 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5335] close(3) = 0 [pid 5335] mkdir("./file2", 0777) = 0 [pid 5335] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5335] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5335] chdir("./file2") = 0 [pid 5335] ioctl(4, LOOP_CLR_FD) = 0 [pid 5335] close(4) = 0 [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 1 [pid 5335] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 1 [pid 5335] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] write(4, "\x00\x00", 2) = 2 [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] <... futex resumed>) = 0 [pid 5335] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5334] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... mmap resumed>) = 0x20000000 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... mmap resumed>) = 0x7f2656608000 [pid 5335] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5336 attached , parent_tid=[5336], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5336 [pid 5334] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5336] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5336] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5336] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5336] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] getdents64(-1, [pid 5334] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5335] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] exit_group(0 [pid 5336] <... futex resumed>) = ? [pid 5335] <... futex resumed>) = ? [pid 5334] <... exit_group resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 77.188265][ T5335] loop0: detected capacity change from 0 to 256 [ 77.198296][ T5335] exfat: Deprecated parameter 'utf8' [ 77.209927][ T5335] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./85/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5337] chdir("./86") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5337] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5338 attached , parent_tid=[5338], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5338 [pid 5338] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5338] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5338] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5338] munmap(0x7f2656609000, 131072) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] mkdir("./file2", 0777) = 0 [pid 5338] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5338] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file2") = 0 [pid 5338] ioctl(4, LOOP_CLR_FD) = 0 [pid 5338] close(4) = 0 [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] write(4, "\x00\x00", 2) = 2 [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5337] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5339], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5339 [pid 5337] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5339 attached [pid 5339] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5339] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5339] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5339] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 0 [pid 5338] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5338] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] exit_group(0) = ? [pid 5338] +++ exited with 0 +++ [pid 5339] <... futex resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5340 ./strace-static-x86_64: Process 5340 attached [pid 5340] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5340] chdir("./87") = 0 [pid 5340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5340] setpgid(0, 0) = 0 [pid 5340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5340] write(3, "1000", 4) = 4 [pid 5340] close(3) = 0 [pid 5340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.304300][ T5338] loop0: detected capacity change from 0 to 256 [ 77.314006][ T5338] exfat: Deprecated parameter 'utf8' [ 77.323974][ T5338] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5340] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5341], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5341 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5341] memfd_create("syzkaller", 0) = 3 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5341] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5341] munmap(0x7f2656609000, 131072) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5341] close(3) = 0 [pid 5341] mkdir("./file2", 0777) = 0 [pid 5341] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5341] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5341] chdir("./file2") = 0 [pid 5341] ioctl(4, LOOP_CLR_FD) = 0 [pid 5341] close(4) = 0 [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 [pid 5341] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 [pid 5341] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 [pid 5341] write(4, "\x00\x00", 2) = 2 [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5340] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5342], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5342 [pid 5340] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5342 attached [pid 5341] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5342] set_robust_list(0x7f26566289e0, 24 [pid 5341] <... mmap resumed>) = 0x20000000 [pid 5342] <... set_robust_list resumed>) = 0 [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5341] <... futex resumed>) = 0 [pid 5342] openat(AT_FDCWD, "", O_RDONLY [pid 5341] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5342] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 1 [pid 5342] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5341] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5341] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] exit_group(0 [pid 5341] <... futex resumed>) = ? [pid 5340] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5342] <... futex resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5340, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 77.394371][ T5341] loop0: detected capacity change from 0 to 256 [ 77.402909][ T5341] exfat: Deprecated parameter 'utf8' [ 77.414587][ T5341] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5343] chdir("./88") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5343] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5344 attached , parent_tid=[5344], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5344 [pid 5344] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5344] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5344] memfd_create("syzkaller", 0) = 3 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5344] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5344] munmap(0x7f2656609000, 131072) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] mkdir("./file2", 0777) = 0 [pid 5344] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5344] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./file2") = 0 [pid 5344] ioctl(4, LOOP_CLR_FD) = 0 [pid 5344] close(4) = 0 [pid 5344] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... futex resumed>) = 0 [pid 5344] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5344] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5344] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] write(4, "\x00\x00", 2) = 2 [pid 5344] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5343] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5345], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5345 [pid 5343] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5345 attached [pid 5345] set_robust_list(0x7f26566289e0, 24 [pid 5344] <... futex resumed>) = 1 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5344] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5345] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 1 [pid 5344] <... mmap resumed>) = 0x20000000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5345] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5345] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] exit_group(0 [pid 5345] <... futex resumed>) = ? [pid 5344] <... futex resumed>) = ? [pid 5343] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 77.511924][ T5344] loop0: detected capacity change from 0 to 256 [ 77.521277][ T5344] exfat: Deprecated parameter 'utf8' [ 77.531825][ T5344] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5346 ./strace-static-x86_64: Process 5346 attached [pid 5346] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5346] chdir("./89") = 0 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5346] setpgid(0, 0) = 0 [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5346] write(3, "1000", 4) = 4 [pid 5346] close(3) = 0 [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5346] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5346] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5347 attached [pid 5347] set_robust_list(0x7f265ea299e0, 24 [pid 5346] <... clone resumed>, parent_tid=[5347], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5347 [pid 5347] <... set_robust_list resumed>) = 0 [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5347] memfd_create("syzkaller", 0) = 3 [pid 5347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5347] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5347] munmap(0x7f2656609000, 131072) = 0 [pid 5347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5347] close(3) = 0 [pid 5347] mkdir("./file2", 0777) = 0 [pid 5347] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5347] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5347] chdir("./file2") = 0 [pid 5347] ioctl(4, LOOP_CLR_FD) = 0 [pid 5347] close(4) = 0 [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... openat resumed>) = 4 [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] <... futex resumed>) = 0 [pid 5347] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5346] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... openat resumed>) = 5 [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5347] write(4, "\x00\x00", 2 [pid 5346] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... write resumed>) = 2 [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... mmap resumed>) = 0x20000000 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5346] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5346] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5348], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5348 [pid 5346] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5348] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5348] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5348] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5346] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5347] getdents64(-1, [pid 5346] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5347] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5347] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5347] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] exit_group(0 [pid 5347] <... futex resumed>) = ? [pid 5346] <... exit_group resumed>) = ? [pid 5347] +++ exited with 0 +++ [pid 5348] <... futex resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5346, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 [ 77.641191][ T5347] loop0: detected capacity change from 0 to 256 [ 77.651178][ T5347] exfat: Deprecated parameter 'utf8' [ 77.661608][ T5347] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5349] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5349] chdir("./90") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5349] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5350 attached , parent_tid=[5350], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5350 [pid 5350] set_robust_list(0x7f265ea299e0, 24 [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... set_robust_list resumed>) = 0 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5350] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5350] munmap(0x7f2656609000, 131072) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] mkdir("./file2", 0777) = 0 [pid 5350] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5350] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./file2") = 0 [pid 5350] ioctl(4, LOOP_CLR_FD) = 0 [pid 5350] close(4) = 0 [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5349] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 4 [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5349] <... futex resumed>) = 0 [pid 5350] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5349] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 5 [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] write(4, "\x00\x00", 2) = 2 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5350] <... mmap resumed>) = 0x20000000 [pid 5349] <... mmap resumed>) = 0x7f2656608000 [pid 5349] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... mprotect resumed>) = 0 [pid 5349] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5351 attached [pid 5350] <... futex resumed>) = 0 [pid 5349] <... clone resumed>, parent_tid=[5351], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5351 [pid 5349] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] set_robust_list(0x7f26566289e0, 24 [pid 5350] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5351] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5351] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5351] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] getdents64(-1, [pid 5349] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5350] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5349] <... exit_group resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5351] <... futex resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 [ 77.763459][ T5350] loop0: detected capacity change from 0 to 256 [ 77.772128][ T5350] exfat: Deprecated parameter 'utf8' [ 77.783706][ T5350] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5352 ./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5352] chdir("./91") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5352] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5353 attached , parent_tid=[5353], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5353 [pid 5353] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5353] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5353] memfd_create("syzkaller", 0) = 3 [pid 5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5353] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5353] munmap(0x7f2656609000, 131072) = 0 [pid 5353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5353] close(3) = 0 [pid 5353] mkdir("./file2", 0777) = 0 [pid 5353] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5353] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5353] chdir("./file2") = 0 [pid 5353] ioctl(4, LOOP_CLR_FD) = 0 [pid 5353] close(4) = 0 [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... openat resumed>) = 4 [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... openat resumed>) = 5 [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] write(4, "\x00\x00", 2 [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] <... write resumed>) = 2 [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5353] <... futex resumed>) = 0 [pid 5352] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5354], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5352] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] set_robust_list(0x7f26566289e0, 24 [pid 5352] <... futex resumed>) = 0 [pid 5354] <... set_robust_list resumed>) = 0 [pid 5352] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5353] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5354] <... openat resumed>) = 6 [pid 5354] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [ 77.898223][ T5353] loop0: detected capacity change from 0 to 256 [ 77.907499][ T5353] exfat: Deprecated parameter 'utf8' [ 77.918870][ T5353] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5353] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5353] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] exit_group(0 [pid 5354] <... futex resumed>) = ? [pid 5352] <... exit_group resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5352, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5355 ./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5355] chdir("./92") = 0 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5355] setpgid(0, 0) = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5355] write(3, "1000", 4) = 4 [pid 5355] close(3) = 0 [pid 5355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5355] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5356], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5356 [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5356] memfd_create("syzkaller", 0) = 3 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5356] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5356] munmap(0x7f2656609000, 131072) = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5356] close(3) = 0 [pid 5356] mkdir("./file2", 0777) = 0 [pid 5356] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5356] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5356] chdir("./file2") = 0 [pid 5356] ioctl(4, LOOP_CLR_FD) = 0 [pid 5356] close(4) = 0 [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 4 [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 5 [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] write(4, "\x00\x00", 2 [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... write resumed>) = 2 [pid 5355] <... futex resumed>) = 0 [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5355] <... futex resumed>) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5356] <... mmap resumed>) = 0x20000000 [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] <... mmap resumed>) = 0x7f2656608000 [pid 5355] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5356] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... mprotect resumed>) = 0 [pid 5355] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5357 attached , parent_tid=[5357], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5357 [pid 5357] set_robust_list(0x7f26566289e0, 24 [pid 5355] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... set_robust_list resumed>) = 0 [pid 5355] <... futex resumed>) = 0 [pid 5357] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5355] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5357] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5355] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5356] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] exit_group(0 [pid 5356] <... futex resumed>) = ? [pid 5355] <... exit_group resumed>) = ? [pid 5356] +++ exited with 0 +++ [pid 5357] <... futex resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 78.041059][ T5356] loop0: detected capacity change from 0 to 256 [ 78.050132][ T5356] exfat: Deprecated parameter 'utf8' [ 78.060847][ T5356] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5358] chdir("./93") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5358] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5359], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5359] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] memfd_create("syzkaller", 0 [pid 5358] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5359] <... memfd_create resumed>) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5359] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5359] munmap(0x7f2656609000, 131072) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./file2", 0777) = 0 [pid 5359] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5359] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file2") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] <... futex resumed>) = 0 [pid 5359] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5358] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... openat resumed>) = 4 [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] <... futex resumed>) = 0 [pid 5359] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5358] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... openat resumed>) = 5 [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] write(4, "\x00\x00", 2 [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... write resumed>) = 2 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 0 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... mmap resumed>) = 0x20000000 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5358] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5360 attached , parent_tid=[5360], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5360 [pid 5358] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5360] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5360] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5360] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5358] <... futex resumed>) = 1 [pid 5359] getdents64(-1, [pid 5358] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5359] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] exit_group(0 [pid 5360] <... futex resumed>) = ? [pid 5359] <... futex resumed>) = ? [pid 5358] <... exit_group resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 78.148508][ T5359] loop0: detected capacity change from 0 to 256 [ 78.158378][ T5359] exfat: Deprecated parameter 'utf8' [ 78.168267][ T5359] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5361 ./strace-static-x86_64: Process 5361 attached [pid 5361] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5361] chdir("./94") = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5361] setpgid(0, 0) = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5361] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5361] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5362 attached , parent_tid=[5362], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5362 [pid 5362] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5362] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5362] <... futex resumed>) = 0 [pid 5362] memfd_create("syzkaller", 0) = 3 [pid 5362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5362] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5362] munmap(0x7f2656609000, 131072) = 0 [pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5362] close(3) = 0 [pid 5362] mkdir("./file2", 0777) = 0 [pid 5362] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5362] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5362] chdir("./file2") = 0 [pid 5362] ioctl(4, LOOP_CLR_FD) = 0 [pid 5362] close(4) = 0 [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... openat resumed>) = 4 [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... openat resumed>) = 5 [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] write(4, "\x00\x00", 2 [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... write resumed>) = 2 [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5362] <... mmap resumed>) = 0x20000000 [pid 5361] <... mmap resumed>) = 0x7f2656608000 [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5362] <... futex resumed>) = 0 [pid 5361] <... mprotect resumed>) = 0 [pid 5361] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5362] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5363] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... clone resumed>, parent_tid=[5363], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5363 [pid 5361] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5361] <... futex resumed>) = 1 [pid 5363] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5361] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5363] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5363] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... futex resumed>) = 0 [pid 5362] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5362] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] exit_group(0 [pid 5363] <... futex resumed>) = ? [pid 5361] <... exit_group resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5362] <... futex resumed>) = ? [pid 5362] +++ exited with 0 +++ [pid 5361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5361, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 [ 78.259840][ T5362] loop0: detected capacity change from 0 to 256 [ 78.269934][ T5362] exfat: Deprecated parameter 'utf8' [ 78.280475][ T5362] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5364 ./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5364] chdir("./95") = 0 [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5364] setpgid(0, 0) = 0 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5364] write(3, "1000", 4) = 4 [pid 5364] close(3) = 0 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5364] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5365 attached , parent_tid=[5365], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5365 [pid 5365] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5365] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 0 [pid 5365] memfd_create("syzkaller", 0) = 3 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5365] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5365] munmap(0x7f2656609000, 131072) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5365] close(3) = 0 [pid 5365] mkdir("./file2", 0777) = 0 [pid 5365] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5365] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5365] chdir("./file2") = 0 [pid 5365] ioctl(4, LOOP_CLR_FD) = 0 [pid 5365] close(4) = 0 [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... openat resumed>) = 4 [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] write(4, "\x00\x00", 2) = 2 [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5364] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5366], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5366 [pid 5364] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5366 attached [pid 5366] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5366] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5366] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5366] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5364] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5365] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] exit_group(0 [pid 5365] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... exit_group resumed>) = ? [pid 5365] <... futex resumed>) = ? [pid 5365] +++ exited with 0 +++ [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5364, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.382621][ T5365] loop0: detected capacity change from 0 to 256 [ 78.391082][ T5365] exfat: Deprecated parameter 'utf8' [ 78.401365][ T5365] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5367 ./strace-static-x86_64: Process 5367 attached [pid 5367] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5367] chdir("./96") = 0 [pid 5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5367] setpgid(0, 0) = 0 [pid 5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "1000", 4) = 4 [pid 5367] close(3) = 0 [pid 5367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5367] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5367] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5368], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5368 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5368] memfd_create("syzkaller", 0) = 3 [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5368] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5368] munmap(0x7f2656609000, 131072) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5368] close(3) = 0 [pid 5368] mkdir("./file2", 0777) = 0 [pid 5368] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5368] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5368] chdir("./file2") = 0 [pid 5368] ioctl(4, LOOP_CLR_FD) = 0 [pid 5368] close(4) = 0 [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = 4 [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... openat resumed>) = 5 [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] write(4, "\x00\x00", 2) = 2 [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5367] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5367] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x7f26566289e0, 24 [pid 5367] <... clone resumed>, parent_tid=[5369], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5369 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5367] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... openat resumed>) = 6 [pid 5369] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... futex resumed>) = 1 [pid 5369] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5367] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5368] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5368] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] <... futex resumed>) = 0 [pid 5368] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] exit_group(0) = ? [pid 5368] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5367, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 [ 78.503843][ T5368] loop0: detected capacity change from 0 to 256 [ 78.512843][ T5368] exfat: Deprecated parameter 'utf8' [ 78.523694][ T5368] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5370] chdir("./97") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5370] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5371], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5371] memfd_create("syzkaller", 0) = 3 [pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5371] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5371] munmap(0x7f2656609000, 131072) = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5371] close(3) = 0 [pid 5371] mkdir("./file2", 0777) = 0 [pid 5371] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5371] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5371] chdir("./file2") = 0 [pid 5371] ioctl(4, LOOP_CLR_FD) = 0 [pid 5371] close(4) = 0 [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... futex resumed>) = 0 [pid 5371] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] write(4, "\x00\x00", 2) = 2 [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5371] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5371] <... mmap resumed>) = 0x20000000 [pid 5370] <... mmap resumed>) = 0x7f2656608000 [pid 5370] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5372 attached [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... clone resumed>, parent_tid=[5372], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5372 [pid 5370] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5372] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5372] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5371] getdents64(-1, [pid 5370] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5371] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5371] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] exit_group(0) = ? [pid 5371] <... futex resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 [ 78.628578][ T5371] loop0: detected capacity change from 0 to 256 [ 78.637314][ T5371] exfat: Deprecated parameter 'utf8' [ 78.649172][ T5371] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5373] chdir("./98") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5373] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x7f265ea299e0, 24 [pid 5373] <... clone resumed>, parent_tid=[5374], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5374 [pid 5374] <... set_robust_list resumed>) = 0 [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] memfd_create("syzkaller", 0) = 3 [pid 5373] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5374] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5374] munmap(0x7f2656609000, 131072) = 0 [pid 5374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5374] close(3) = 0 [pid 5374] mkdir("./file2", 0777) = 0 [pid 5374] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5374] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5374] chdir("./file2") = 0 [pid 5374] ioctl(4, LOOP_CLR_FD) = 0 [pid 5374] close(4) = 0 [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] write(4, "\x00\x00", 2) = 2 [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5373] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5375], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5375 [pid 5373] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... futex resumed>) = 1 [pid 5374] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5375 attached [pid 5375] set_robust_list(0x7f26566289e0, 24 [pid 5374] <... mmap resumed>) = 0x20000000 [pid 5375] <... set_robust_list resumed>) = 0 [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5375] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5375] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 0 [pid 5375] <... futex resumed>) = 1 [pid 5375] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5374] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] exit_group(0) = ? [pid 5374] <... futex resumed>) = ? [pid 5375] <... futex resumed>) = ? [pid 5374] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 [ 78.759729][ T5374] loop0: detected capacity change from 0 to 256 [ 78.768918][ T5374] exfat: Deprecated parameter 'utf8' [ 78.779299][ T5374] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5376 ./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5376] chdir("./99") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5376] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5376] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5377 attached , parent_tid=[5377], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5377 [pid 5377] set_robust_list(0x7f265ea299e0, 24 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... set_robust_list resumed>) = 0 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5377] memfd_create("syzkaller", 0) = 3 [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5377] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5377] munmap(0x7f2656609000, 131072) = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5377] close(3) = 0 [pid 5377] mkdir("./file2", 0777) = 0 [pid 5377] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5377] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5377] chdir("./file2") = 0 [pid 5377] ioctl(4, LOOP_CLR_FD) = 0 [pid 5377] close(4) = 0 [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] write(4, "\x00\x00", 2) = 2 [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5377] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5376] <... mmap resumed>) = 0x7f2656608000 [pid 5376] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] <... mmap resumed>) = 0x20000000 [pid 5376] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5378], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5378 [pid 5376] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5378 attached [pid 5378] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5378] openat(AT_FDCWD, "", O_RDONLY [pid 5377] <... futex resumed>) = 0 [pid 5378] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5378] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5377] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5377] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] exit_group(0 [pid 5378] <... futex resumed>) = ? [pid 5377] <... futex resumed>) = ? [pid 5376] <... exit_group resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 78.874499][ T5377] loop0: detected capacity change from 0 to 256 [ 78.884963][ T5377] exfat: Deprecated parameter 'utf8' [ 78.895827][ T5377] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5379 ./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5379] chdir("./100") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5379] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5380], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5380 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5380] memfd_create("syzkaller", 0) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5380] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5380] munmap(0x7f2656609000, 131072) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] mkdir("./file2", 0777) = 0 [pid 5380] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5380] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file2") = 0 [pid 5380] ioctl(4, LOOP_CLR_FD) = 0 [pid 5380] close(4) = 0 [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] write(4, "\x00\x00", 2) = 2 [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5379] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5381], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5381 [pid 5379] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5381] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5381] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5381] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5380] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5379] exit_group(0) = ? [pid 5381] <... futex resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 [ 78.984864][ T5380] loop0: detected capacity change from 0 to 256 [ 78.995049][ T5380] exfat: Deprecated parameter 'utf8' [ 79.008801][ T5380] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5382 ./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5382] chdir("./101") = 0 [pid 5382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5382] setpgid(0, 0) = 0 [pid 5382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5382] write(3, "1000", 4) = 4 [pid 5382] close(3) = 0 [pid 5382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5382] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5383 attached , parent_tid=[5383], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5383 [pid 5383] set_robust_list(0x7f265ea299e0, 24 [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... set_robust_list resumed>) = 0 [pid 5382] <... futex resumed>) = 0 [pid 5383] memfd_create("syzkaller", 0) = 3 [pid 5383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5383] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5383] munmap(0x7f2656609000, 131072) = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5383] close(3) = 0 [pid 5383] mkdir("./file2", 0777) = 0 [pid 5383] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5383] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5383] chdir("./file2") = 0 [pid 5383] ioctl(4, LOOP_CLR_FD) = 0 [pid 5383] close(4) = 0 [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... openat resumed>) = 4 [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] write(4, "\x00\x00", 2) = 2 [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5382] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5383] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5382] <... mprotect resumed>) = 0 [pid 5383] <... mmap resumed>) = 0x20000000 [pid 5382] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5384 attached ) = 0 [pid 5382] <... clone resumed>, parent_tid=[5384], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5384 [pid 5383] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] set_robust_list(0x7f26566289e0, 24 [pid 5382] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... set_robust_list resumed>) = 0 [pid 5384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5384] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5384] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5384] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... futex resumed>) = 0 [pid 5383] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5383] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5383] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] exit_group(0 [pid 5383] <... futex resumed>) = ? [pid 5382] <... exit_group resumed>) = ? [pid 5383] +++ exited with 0 +++ [pid 5384] <... futex resumed>) = ? [ 79.104093][ T5383] loop0: detected capacity change from 0 to 256 [ 79.115349][ T5383] exfat: Deprecated parameter 'utf8' [ 79.126371][ T5383] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5384] +++ exited with 0 +++ [pid 5382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5382, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5385 ./strace-static-x86_64: Process 5385 attached [pid 5385] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5385] chdir("./102") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5385] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5386], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5386 [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5386] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5386] munmap(0x7f2656609000, 131072) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] mkdir("./file2", 0777) = 0 [pid 5386] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5386] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./file2") = 0 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] write(4, "\x00\x00", 2) = 2 [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5386] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5385] <... mmap resumed>) = 0x7f2656608000 [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... mprotect resumed>) = 0 [pid 5385] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5387], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5387 ./strace-static-x86_64: Process 5387 attached [pid 5385] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] set_robust_list(0x7f26566289e0, 24 [pid 5385] <... futex resumed>) = 0 [pid 5387] <... set_robust_list resumed>) = 0 [pid 5385] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5387] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5387] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5387] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5385] <... futex resumed>) = 1 [pid 5386] getdents64(-1, [pid 5385] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5386] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] exit_group(0 [pid 5386] <... futex resumed>) = ? [pid 5385] <... exit_group resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5387] <... futex resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5385, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 [ 79.248929][ T5386] loop0: detected capacity change from 0 to 256 [ 79.258203][ T5386] exfat: Deprecated parameter 'utf8' [ 79.269634][ T5386] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5388 ./strace-static-x86_64: Process 5388 attached [pid 5388] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5388] chdir("./103") = 0 [pid 5388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5388] setpgid(0, 0) = 0 [pid 5388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5388] write(3, "1000", 4) = 4 [pid 5388] close(3) = 0 [pid 5388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5388] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x7f265ea299e0, 24 [pid 5388] <... clone resumed>, parent_tid=[5389], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5389 [pid 5389] <... set_robust_list resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] memfd_create("syzkaller", 0 [pid 5388] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5389] <... memfd_create resumed>) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5389] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5389] munmap(0x7f2656609000, 131072) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] mkdir("./file2", 0777) = 0 [pid 5389] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5389] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] chdir("./file2") = 0 [pid 5389] ioctl(4, LOOP_CLR_FD) = 0 [pid 5389] close(4) = 0 [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] write(4, "\x00\x00", 2) = 2 [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5388] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5388] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5390], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5390 [pid 5388] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5388] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... futex resumed>) = 1 [pid 5389] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5390] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5390] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5390] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5388] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5388] <... futex resumed>) = 1 [pid 5389] getdents64(-1, [pid 5388] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5389] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5389] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5389] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] exit_group(0 [pid 5389] <... futex resumed>) = ? [pid 5388] <... exit_group resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5388, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5391 ./strace-static-x86_64: Process 5391 attached [pid 5391] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5391] chdir("./104") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [ 79.382526][ T5389] loop0: detected capacity change from 0 to 256 [ 79.392635][ T5389] exfat: Deprecated parameter 'utf8' [ 79.402874][ T5389] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5391] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5392], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5392 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5392] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5392] munmap(0x7f2656609000, 131072) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./file2", 0777) = 0 [pid 5392] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5392] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./file2") = 0 [pid 5392] ioctl(4, LOOP_CLR_FD) = 0 [pid 5392] close(4) = 0 [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] write(4, "\x00\x00", 2) = 2 [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5391] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5393 attached , parent_tid=[5393], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5393 [pid 5391] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] set_robust_list(0x7f26566289e0, 24 [pid 5392] <... futex resumed>) = 1 [pid 5392] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5393] <... set_robust_list resumed>) = 0 [pid 5392] <... mmap resumed>) = 0x20000000 [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5393] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5393] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = 1 [pid 5392] getdents64(-1, [pid 5391] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5392] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5393] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5391] <... exit_group resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5393] <... futex resumed>) = ? [pid 5393] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 [ 79.479291][ T5392] loop0: detected capacity change from 0 to 256 [ 79.488377][ T5392] exfat: Deprecated parameter 'utf8' [ 79.502632][ T5392] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5394 ./strace-static-x86_64: Process 5394 attached [pid 5394] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5394] chdir("./105") = 0 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5394] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5394] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5395 attached , parent_tid=[5395], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5395 [pid 5395] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5395] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5394] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5395] memfd_create("syzkaller", 0) = 3 [pid 5395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5395] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5395] munmap(0x7f2656609000, 131072) = 0 [pid 5395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5395] close(3) = 0 [pid 5395] mkdir("./file2", 0777) = 0 [pid 5395] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5395] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5395] chdir("./file2") = 0 [pid 5395] ioctl(4, LOOP_CLR_FD) = 0 [pid 5395] close(4) = 0 [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5394] <... futex resumed>) = 0 [pid 5394] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... openat resumed>) = 4 [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5395] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... openat resumed>) = 5 [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5395] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5394] <... futex resumed>) = 0 [pid 5395] write(4, "\x00\x00", 2 [pid 5394] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... write resumed>) = 2 [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] <... futex resumed>) = 0 [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5395] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5394] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... mmap resumed>) = 0x20000000 [pid 5394] <... futex resumed>) = 0 [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5395] <... futex resumed>) = 0 [pid 5394] <... mmap resumed>) = 0x7f2656608000 [pid 5395] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5394] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5396], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5396 ./strace-static-x86_64: Process 5396 attached [pid 5394] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5394] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5396] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5396] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5396] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5396] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 1 [pid 5395] getdents64(-1, [pid 5394] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5395] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5394] <... futex resumed>) = 0 [pid 5395] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5394] exit_group(0 [pid 5396] <... futex resumed>) = ? [pid 5395] <... futex resumed>) = ? [pid 5394] <... exit_group resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5394, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 79.612828][ T5395] loop0: detected capacity change from 0 to 256 [ 79.631863][ T5395] exfat: Deprecated parameter 'utf8' [ 79.642040][ T5395] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5397 ./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5397] chdir("./106") = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5397] setpgid(0, 0) = 0 [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5397] write(3, "1000", 4) = 4 [pid 5397] close(3) = 0 [pid 5397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5397] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5398 attached , parent_tid=[5398], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5398 [pid 5398] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5398] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5397] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5398] memfd_create("syzkaller", 0) = 3 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5398] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5398] munmap(0x7f2656609000, 131072) = 0 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5398] close(3) = 0 [pid 5398] mkdir("./file2", 0777) = 0 [pid 5398] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5398] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5398] chdir("./file2") = 0 [pid 5398] ioctl(4, LOOP_CLR_FD) = 0 [pid 5398] close(4) = 0 [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5398] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5397] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... openat resumed>) = 4 [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... openat resumed>) = 5 [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] write(4, "\x00\x00", 2 [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... write resumed>) = 2 [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5398] <... mmap resumed>) = 0x20000000 [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... mmap resumed>) = 0x7f2656608000 [pid 5397] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5398] <... futex resumed>) = 0 [pid 5397] <... mprotect resumed>) = 0 [pid 5398] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5399 attached , parent_tid=[5399], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5399 [pid 5399] set_robust_list(0x7f26566289e0, 24 [pid 5397] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... set_robust_list resumed>) = 0 [pid 5399] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5399] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5399] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5398] getdents64(-1, [pid 5397] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5399] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] exit_group(0 [pid 5398] <... futex resumed>) = ? [pid 5397] <... exit_group resumed>) = ? [pid 5398] +++ exited with 0 +++ [pid 5399] <... futex resumed>) = ? [pid 5399] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 79.754182][ T5398] loop0: detected capacity change from 0 to 256 [ 79.762866][ T5398] exfat: Deprecated parameter 'utf8' [ 79.774086][ T5398] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5400 ./strace-static-x86_64: Process 5400 attached [pid 5400] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5400] chdir("./107") = 0 [pid 5400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5400] setpgid(0, 0) = 0 [pid 5400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5400] write(3, "1000", 4) = 4 [pid 5400] close(3) = 0 [pid 5400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5400] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5400] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5401], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5401 ./strace-static-x86_64: Process 5401 attached [pid 5401] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5401] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5401] memfd_create("syzkaller", 0) = 3 [pid 5401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5401] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5401] munmap(0x7f2656609000, 131072) = 0 [pid 5401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5401] close(3) = 0 [pid 5401] mkdir("./file2", 0777) = 0 [pid 5401] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5401] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5401] chdir("./file2") = 0 [pid 5401] ioctl(4, LOOP_CLR_FD) = 0 [pid 5401] close(4) = 0 [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [pid 5401] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... futex resumed>) = 1 [pid 5401] write(4, "\x00\x00", 2) = 2 [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5401] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5400] <... mmap resumed>) = 0x7f2656608000 [pid 5400] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5401] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5400] <... mprotect resumed>) = 0 [pid 5400] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5402], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5402 ./strace-static-x86_64: Process 5402 attached [pid 5401] <... mmap resumed>) = 0x20000000 [pid 5400] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5402] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5402] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5402] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5400] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] getdents64(-1, [pid 5402] <... futex resumed>) = 1 [pid 5401] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5402] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] <... futex resumed>) = 0 [pid 5400] exit_group(0) = ? [pid 5401] <... futex resumed>) = ? [pid 5402] <... futex resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ [pid 5400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5400, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 79.870543][ T5401] loop0: detected capacity change from 0 to 256 [ 79.879126][ T5401] exfat: Deprecated parameter 'utf8' [ 79.889316][ T5401] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./107/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5403 ./strace-static-x86_64: Process 5403 attached [pid 5403] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5403] chdir("./108") = 0 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5403] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5403] <... clone resumed>, parent_tid=[5404], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5404 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5404] memfd_create("syzkaller", 0) = 3 [pid 5404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5404] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5404] munmap(0x7f2656609000, 131072) = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5404] close(3) = 0 [pid 5404] mkdir("./file2", 0777) = 0 [pid 5404] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5404] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5404] chdir("./file2") = 0 [pid 5404] ioctl(4, LOOP_CLR_FD) = 0 [pid 5404] close(4) = 0 [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] write(4, "\x00\x00", 2) = 2 [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5404] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5403] <... mmap resumed>) = 0x7f2656608000 [pid 5403] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] <... mmap resumed>) = 0x20000000 [pid 5403] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... clone resumed>, parent_tid=[5405], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5405 [pid 5403] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5405 attached [pid 5405] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5405] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5405] openat(AT_FDCWD, "", O_RDONLY [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5405] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5403] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5404] getdents64(-1, [pid 5405] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5404] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] exit_group(0) = ? [pid 5404] <... futex resumed>) = ? [pid 5405] <... futex resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5405] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5403, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 [ 79.975517][ T5404] loop0: detected capacity change from 0 to 256 [ 79.985581][ T5404] exfat: Deprecated parameter 'utf8' [ 79.996543][ T5404] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5406 ./strace-static-x86_64: Process 5406 attached [pid 5406] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5406] chdir("./109") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5406] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5407], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5407 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5407] memfd_create("syzkaller", 0) = 3 [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5407] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5407] munmap(0x7f2656609000, 131072) = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5407] close(3) = 0 [pid 5407] mkdir("./file2", 0777) = 0 [pid 5407] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5407] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5407] chdir("./file2") = 0 [pid 5407] ioctl(4, LOOP_CLR_FD) = 0 [pid 5407] close(4) = 0 [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] write(4, "\x00\x00", 2) = 2 [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5407] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5406] <... mmap resumed>) = 0x7f2656608000 [pid 5406] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] <... mmap resumed>) = 0x20000000 [pid 5406] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... clone resumed>, parent_tid=[5408], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5408 [pid 5406] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5408 attached [pid 5408] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5408] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5407] <... futex resumed>) = 0 [pid 5408] openat(AT_FDCWD, "", O_RDONLY [pid 5407] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5408] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5408] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 1 [pid 5408] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5407] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5406] exit_group(0) = ? [pid 5408] <... futex resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 80.094803][ T5407] loop0: detected capacity change from 0 to 256 [ 80.103862][ T5407] exfat: Deprecated parameter 'utf8' [ 80.114584][ T5407] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5409 ./strace-static-x86_64: Process 5409 attached [pid 5409] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5409] chdir("./110") = 0 [pid 5409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5409] setpgid(0, 0) = 0 [pid 5409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5409] write(3, "1000", 4) = 4 [pid 5409] close(3) = 0 [pid 5409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5409] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5410 attached , parent_tid=[5410], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5410 [pid 5410] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5410] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] <... mmap resumed>) = 0x7f2656609000 [pid 5410] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5410] munmap(0x7f2656609000, 131072) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] mkdir("./file2", 0777) = 0 [pid 5410] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5410] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] chdir("./file2") = 0 [pid 5410] ioctl(4, LOOP_CLR_FD) = 0 [pid 5410] close(4) = 0 [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = 4 [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5410] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... openat resumed>) = 5 [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5410] write(4, "\x00\x00", 2 [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... write resumed>) = 2 [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5409] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5411 attached , parent_tid=[5411], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5411 [pid 5409] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5410] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5411] <... openat resumed>) = 6 [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5410] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5410] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] exit_group(0 [pid 5411] <... futex resumed>) = ? [pid 5409] <... exit_group resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5409, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 [ 80.224782][ T5410] loop0: detected capacity change from 0 to 256 [ 80.233540][ T5410] exfat: Deprecated parameter 'utf8' [ 80.244804][ T5410] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5412 attached , child_tidptr=0x555556b3a6d0) = 5412 [pid 5412] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5412] chdir("./111") = 0 [pid 5412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5412] setpgid(0, 0) = 0 [pid 5412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5412] write(3, "1000", 4) = 4 [pid 5412] close(3) = 0 [pid 5412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5412] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5412] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5413 attached , parent_tid=[5413], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5413 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5413] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5413] memfd_create("syzkaller", 0) = 3 [pid 5413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5413] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5413] munmap(0x7f2656609000, 131072) = 0 [pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5413] close(3) = 0 [pid 5413] mkdir("./file2", 0777) = 0 [pid 5413] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5413] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5413] chdir("./file2") = 0 [pid 5413] ioctl(4, LOOP_CLR_FD) = 0 [pid 5413] close(4) = 0 [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5412] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... openat resumed>) = 4 [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... futex resumed>) = 1 [pid 5413] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] write(4, "\x00\x00", 2 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... write resumed>) = 2 [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5413] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5413] <... mmap resumed>) = 0x20000000 [pid 5412] <... mmap resumed>) = 0x7f2656608000 [pid 5412] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... mprotect resumed>) = 0 [pid 5412] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5413] <... futex resumed>) = 0 [pid 5412] <... clone resumed>, parent_tid=[5414], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5414 [pid 5412] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5414] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5414] openat(AT_FDCWD, "", O_RDONLY [pid 5413] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5414] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5412] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 80.359371][ T5413] loop0: detected capacity change from 0 to 256 [ 80.369504][ T5413] exfat: Deprecated parameter 'utf8' [ 80.380414][ T5413] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5412] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... futex resumed>) = 1 [pid 5414] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] <... futex resumed>) = 0 [pid 5413] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5413] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] <... futex resumed>) = 0 [pid 5413] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] exit_group(0) = ? [pid 5414] <... futex resumed>) = ? [pid 5413] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ [pid 5412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5412, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5415 ./strace-static-x86_64: Process 5415 attached [pid 5415] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5415] chdir("./112") = 0 [pid 5415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5415] setpgid(0, 0) = 0 [pid 5415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5415] write(3, "1000", 4) = 4 [pid 5415] close(3) = 0 [pid 5415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5415] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5415] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5416], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5416 [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5416] memfd_create("syzkaller", 0) = 3 [pid 5416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5416] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5416] munmap(0x7f2656609000, 131072) = 0 [pid 5416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5416] close(3) = 0 [pid 5416] mkdir("./file2", 0777) = 0 [ 80.479322][ T5416] loop0: detected capacity change from 0 to 256 [ 80.485651][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 80.485748][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 80.485909][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [ 80.499159][ T5416] exfat: Deprecated parameter 'utf8' [pid 5416] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5416] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5416] chdir("./file2") = 0 [pid 5416] ioctl(4, LOOP_CLR_FD) = 0 [pid 5416] close(4) = 0 [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] <... futex resumed>) = 0 [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5415] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... openat resumed>) = 4 [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... openat resumed>) = 5 [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] <... futex resumed>) = 0 [pid 5416] write(4, "\x00\x00", 2) = 2 [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5416] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5416] <... mmap resumed>) = 0x20000000 [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] <... mmap resumed>) = 0x7f2656608000 [pid 5416] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5415] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5417 attached , parent_tid=[5417], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5417 [pid 5417] set_robust_list(0x7f26566289e0, 24 [pid 5415] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... set_robust_list resumed>) = 0 [pid 5415] <... futex resumed>) = 0 [pid 5415] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5417] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5417] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5415] <... futex resumed>) = 0 [pid 5417] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5416] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5415] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5416] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5415] exit_group(0) = ? [pid 5416] <... futex resumed>) = ? [pid 5417] <... futex resumed>) = ? [pid 5417] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ [pid 5415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5415, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.522763][ T5416] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5418 ./strace-static-x86_64: Process 5418 attached [pid 5418] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5418] chdir("./113") = 0 [pid 5418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5418] setpgid(0, 0) = 0 [pid 5418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5418] write(3, "1000", 4) = 4 [pid 5418] close(3) = 0 [pid 5418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5418] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5419 attached , parent_tid=[5419], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5419 [pid 5419] set_robust_list(0x7f265ea299e0, 24 [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... set_robust_list resumed>) = 0 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5419] memfd_create("syzkaller", 0) = 3 [pid 5419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5419] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5419] munmap(0x7f2656609000, 131072) = 0 [pid 5419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5419] close(3) = 0 [pid 5419] mkdir("./file2", 0777) = 0 [pid 5419] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5419] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5419] chdir("./file2") = 0 [pid 5419] ioctl(4, LOOP_CLR_FD) = 0 [pid 5419] close(4) = 0 [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5419] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... openat resumed>) = 4 [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5419] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... openat resumed>) = 5 [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5419] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] write(4, "\x00\x00", 2) = 2 [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5418] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5418] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5420], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5420 [pid 5418] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5420 attached [pid 5420] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5420] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5419] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... openat resumed>) = 6 [pid 5420] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5418] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5419] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5419] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5418] <... futex resumed>) = 0 [pid 5418] exit_group(0) = ? [pid 5420] <... futex resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] +++ exited with 0 +++ [pid 5418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5418, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 [ 80.612756][ T5419] loop0: detected capacity change from 0 to 256 [ 80.622940][ T5419] exfat: Deprecated parameter 'utf8' [ 80.632598][ T5419] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5421 ./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5421] chdir("./114") = 0 [pid 5421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5421] setpgid(0, 0) = 0 [pid 5421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5421] write(3, "1000", 4) = 4 [pid 5421] close(3) = 0 [pid 5421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5421] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5422 attached , parent_tid=[5422], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5422 [pid 5421] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5422] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5422] memfd_create("syzkaller", 0) = 3 [pid 5422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5422] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5422] munmap(0x7f2656609000, 131072) = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5422] close(3) = 0 [pid 5422] mkdir("./file2", 0777) = 0 [pid 5422] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5422] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5422] chdir("./file2") = 0 [pid 5422] ioctl(4, LOOP_CLR_FD) = 0 [pid 5422] close(4) = 0 [pid 5422] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5422] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5422] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] write(4, "\x00\x00", 2) = 2 [pid 5422] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5421] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5423 attached , parent_tid=[5423], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5423 [pid 5423] set_robust_list(0x7f26566289e0, 24 [pid 5421] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... set_robust_list resumed>) = 0 [pid 5421] <... futex resumed>) = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5421] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5423] <... openat resumed>) = 6 [pid 5422] <... mmap resumed>) = 0x20000000 [pid 5423] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] getdents64(6, [pid 5421] <... futex resumed>) = 0 [pid 5423] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5421] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] exit_group(0 [pid 5423] <... futex resumed>) = ? [pid 5422] <... futex resumed>) = ? [pid 5421] <... exit_group resumed>) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ [pid 5421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5421, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 80.744383][ T5422] loop0: detected capacity change from 0 to 256 [ 80.753426][ T5422] exfat: Deprecated parameter 'utf8' [ 80.763177][ T5422] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5424 attached , child_tidptr=0x555556b3a6d0) = 5424 [pid 5424] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5424] chdir("./115") = 0 [pid 5424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5424] setpgid(0, 0) = 0 [pid 5424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5424] write(3, "1000", 4) = 4 [pid 5424] close(3) = 0 [pid 5424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5424] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5424] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5425] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... clone resumed>, parent_tid=[5425], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5425 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5425] memfd_create("syzkaller", 0) = 3 [pid 5425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5425] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5425] munmap(0x7f2656609000, 131072) = 0 [pid 5425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5425] close(3) = 0 [pid 5425] mkdir("./file2", 0777) = 0 [pid 5425] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5425] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5425] chdir("./file2") = 0 [pid 5425] ioctl(4, LOOP_CLR_FD) = 0 [pid 5425] close(4) = 0 [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... openat resumed>) = 4 [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... openat resumed>) = 5 [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... futex resumed>) = 1 [pid 5425] write(4, "\x00\x00", 2) = 2 [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5424] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... mmap resumed>) = 0x20000000 [pid 5424] <... futex resumed>) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5425] <... futex resumed>) = 0 [pid 5424] <... mprotect resumed>) = 0 [pid 5425] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5426], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5426 ./strace-static-x86_64: Process 5426 attached [pid 5424] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5426] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5426] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5424] <... futex resumed>) = 1 [pid 5425] getdents64(-1, [pid 5424] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5425] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5426] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] exit_group(0 [pid 5425] <... futex resumed>) = ? [pid 5424] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ [pid 5426] <... futex resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5424, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 80.865241][ T5425] loop0: detected capacity change from 0 to 256 [ 80.873652][ T5425] exfat: Deprecated parameter 'utf8' [ 80.884801][ T5425] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5427 ./strace-static-x86_64: Process 5427 attached [pid 5427] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5427] chdir("./116") = 0 [pid 5427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5427] setpgid(0, 0) = 0 [pid 5427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5427] write(3, "1000", 4) = 4 [pid 5427] close(3) = 0 [pid 5427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5427] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5427] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5428], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5428 [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5428] memfd_create("syzkaller", 0) = 3 [pid 5428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5428] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5428] munmap(0x7f2656609000, 131072) = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5428] close(3) = 0 [pid 5428] mkdir("./file2", 0777) = 0 [pid 5428] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5428] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5428] chdir("./file2") = 0 [pid 5428] ioctl(4, LOOP_CLR_FD) = 0 [pid 5428] close(4) = 0 [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... futex resumed>) = 0 [pid 5428] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] write(4, "\x00\x00", 2 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... write resumed>) = 2 [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5428] <... mmap resumed>) = 0x20000000 [pid 5427] <... mmap resumed>) = 0x7f2656608000 [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5428] <... futex resumed>) = 0 [pid 5427] <... mprotect resumed>) = 0 [pid 5428] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5429 attached , parent_tid=[5429], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5429 [pid 5427] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5429] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5429] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5429] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... futex resumed>) = 0 [pid 5428] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5428] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] exit_group(0 [pid 5429] <... futex resumed>) = ? [pid 5428] <... futex resumed>) = ? [pid 5427] <... exit_group resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5427, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 80.988978][ T5428] loop0: detected capacity change from 0 to 256 [ 80.998794][ T5428] exfat: Deprecated parameter 'utf8' [ 81.010036][ T5428] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5430 ./strace-static-x86_64: Process 5430 attached [pid 5430] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5430] chdir("./117") = 0 [pid 5430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5430] setpgid(0, 0) = 0 [pid 5430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5430] write(3, "1000", 4) = 4 [pid 5430] close(3) = 0 [pid 5430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5430] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5430] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5431], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5431 [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5431] memfd_create("syzkaller", 0) = 3 [pid 5431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5431] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5431] munmap(0x7f2656609000, 131072) = 0 [pid 5431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5431] close(3) = 0 [pid 5431] mkdir("./file2", 0777) = 0 [pid 5431] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5431] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5431] chdir("./file2") = 0 [pid 5431] ioctl(4, LOOP_CLR_FD) = 0 [pid 5431] close(4) = 0 [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5430] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... openat resumed>) = 4 [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... openat resumed>) = 5 [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] write(4, "\x00\x00", 2 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... write resumed>) = 2 [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] <... futex resumed>) = 0 [pid 5431] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5430] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... mmap resumed>) = 0x20000000 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] <... mmap resumed>) = 0x7f2656608000 [pid 5430] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5430] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5432 attached , parent_tid=[5432], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5432 [pid 5430] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5432] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5432] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [pid 5431] getdents64(-1, [pid 5430] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5431] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5431] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] exit_group(0 [pid 5431] <... futex resumed>) = ? [pid 5430] <... exit_group resumed>) = ? [pid 5431] +++ exited with 0 +++ [pid 5432] +++ exited with 0 +++ [pid 5430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5430, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 81.122529][ T5431] loop0: detected capacity change from 0 to 256 [ 81.131337][ T5431] exfat: Deprecated parameter 'utf8' [ 81.141685][ T5431] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5433 ./strace-static-x86_64: Process 5433 attached [pid 5433] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5433] chdir("./118") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4) = 4 [pid 5433] close(3) = 0 [pid 5433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5433] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5433] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5434], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5434 ./strace-static-x86_64: Process 5434 attached [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5434] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5434] memfd_create("syzkaller", 0) = 3 [pid 5434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5434] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5434] munmap(0x7f2656609000, 131072) = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5434] close(3) = 0 [pid 5434] mkdir("./file2", 0777) = 0 [pid 5434] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5434] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5434] chdir("./file2") = 0 [pid 5434] ioctl(4, LOOP_CLR_FD) = 0 [pid 5434] close(4) = 0 [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5433] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 4 [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 5 [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] write(4, "\x00\x00", 2 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... write resumed>) = 2 [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5434] <... futex resumed>) = 1 [pid 5434] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5434] <... mmap resumed>) = 0x20000000 [pid 5433] <... mmap resumed>) = 0x7f2656608000 [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5433] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5434] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5435 attached [pid 5434] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] <... clone resumed>, parent_tid=[5435], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5435 [pid 5435] set_robust_list(0x7f26566289e0, 24 [pid 5433] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... set_robust_list resumed>) = 0 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5435] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5435] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5434] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5433] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] exit_group(0 [pid 5434] <... futex resumed>) = ? [pid 5433] <... exit_group resumed>) = ? [pid 5434] +++ exited with 0 +++ [pid 5435] +++ exited with 0 +++ [pid 5433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5433, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.223946][ T5434] loop0: detected capacity change from 0 to 256 [ 81.232611][ T5434] exfat: Deprecated parameter 'utf8' [ 81.243357][ T5434] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5436 ./strace-static-x86_64: Process 5436 attached [pid 5436] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5436] chdir("./119") = 0 [pid 5436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5436] setpgid(0, 0) = 0 [pid 5436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5436] write(3, "1000", 4) = 4 [pid 5436] close(3) = 0 [pid 5436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5436] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5437], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5437 [pid 5436] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5437 attached [pid 5437] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5437] memfd_create("syzkaller", 0) = 3 [pid 5437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5437] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5437] munmap(0x7f2656609000, 131072) = 0 [pid 5437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5437] close(3) = 0 [pid 5437] mkdir("./file2", 0777) = 0 [pid 5437] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5437] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5437] chdir("./file2") = 0 [pid 5437] ioctl(4, LOOP_CLR_FD) = 0 [pid 5437] close(4) = 0 [pid 5437] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5437] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5436] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5437] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] write(4, "\x00\x00", 2) = 2 [pid 5437] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5436] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5436] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5438 attached , parent_tid=[5438], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5438 [pid 5438] set_robust_list(0x7f26566289e0, 24 [pid 5436] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... set_robust_list resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5438] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5436] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5438] <... openat resumed>) = 6 [pid 5438] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... mmap resumed>) = 0x20000000 [pid 5436] <... futex resumed>) = 0 [pid 5438] getdents64(6, [pid 5436] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5438] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5436] <... futex resumed>) = 0 [pid 5438] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5436] <... exit_group resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5437] <... futex resumed>) = ? [pid 5437] +++ exited with 0 +++ [pid 5436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5436, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 [ 81.353295][ T5437] loop0: detected capacity change from 0 to 256 [ 81.361710][ T5437] exfat: Deprecated parameter 'utf8' [ 81.372507][ T5437] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5439 ./strace-static-x86_64: Process 5439 attached [pid 5439] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5439] chdir("./120") = 0 [pid 5439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5439] setpgid(0, 0) = 0 [pid 5439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5439] write(3, "1000", 4) = 4 [pid 5439] close(3) = 0 [pid 5439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5439] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5440], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5440 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5440] memfd_create("syzkaller", 0) = 3 [pid 5440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5440] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5440] munmap(0x7f2656609000, 131072) = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5440] close(3) = 0 [pid 5440] mkdir("./file2", 0777) = 0 [pid 5440] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5440] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5440] chdir("./file2") = 0 [pid 5440] ioctl(4, LOOP_CLR_FD) = 0 [pid 5440] close(4) = 0 [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] write(4, "\x00\x00", 2) = 2 [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5439] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5441], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5441 [pid 5439] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5441] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5441] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 0 [pid 5440] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5440] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] exit_group(0) = ? [pid 5440] <... futex resumed>) = ? [pid 5440] +++ exited with 0 +++ [pid 5441] <... futex resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5439, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 81.475056][ T5440] loop0: detected capacity change from 0 to 256 [ 81.485391][ T5440] exfat: Deprecated parameter 'utf8' [ 81.495586][ T5440] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached , child_tidptr=0x555556b3a6d0) = 5442 [pid 5442] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5442] chdir("./121") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5442] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5443], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5443 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5443] memfd_create("syzkaller", 0) = 3 [pid 5443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5443] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5443] munmap(0x7f2656609000, 131072) = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5443] close(3) = 0 [pid 5443] mkdir("./file2", 0777) = 0 [ 81.567572][ T7] cfg80211: failed to load regulatory.db [ 81.604824][ T5443] loop0: detected capacity change from 0 to 256 [pid 5443] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5443] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5443] chdir("./file2") = 0 [pid 5443] ioctl(4, LOOP_CLR_FD) = 0 [pid 5443] close(4) = 0 [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5443] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... openat resumed>) = 4 [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... openat resumed>) = 5 [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] write(4, "\x00\x00", 2 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... write resumed>) = 2 [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5442] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5444], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5444 [pid 5442] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5444] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5444] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... futex resumed>) = 0 [pid 5443] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5443] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5442] exit_group(0) = ? [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 81.613208][ T5443] exfat: Deprecated parameter 'utf8' [ 81.623277][ T5443] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5445 ./strace-static-x86_64: Process 5445 attached [pid 5445] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5445] chdir("./122") = 0 [pid 5445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5445] setpgid(0, 0) = 0 [pid 5445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5445] write(3, "1000", 4) = 4 [pid 5445] close(3) = 0 [pid 5445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5445] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5446], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5446 [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5446 attached [pid 5446] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5446] memfd_create("syzkaller", 0) = 3 [pid 5446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5446] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5446] munmap(0x7f2656609000, 131072) = 0 [pid 5446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5446] close(3) = 0 [pid 5446] mkdir("./file2", 0777) = 0 [pid 5446] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5446] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5446] chdir("./file2") = 0 [pid 5446] ioctl(4, LOOP_CLR_FD) = 0 [pid 5446] close(4) = 0 [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [pid 5446] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5445] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5445] <... futex resumed>) = 0 [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [pid 5446] write(4, "\x00\x00", 2 [pid 5445] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... write resumed>) = 2 [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] <... futex resumed>) = 0 [pid 5446] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5445] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... mmap resumed>) = 0x20000000 [pid 5445] <... futex resumed>) = 0 [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5446] <... futex resumed>) = 0 [pid 5445] <... mmap resumed>) = 0x7f2656608000 [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5447 attached , parent_tid=[5447], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5447 [pid 5445] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5447] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5447] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5447] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5447] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [pid 5446] getdents64(-1, [pid 5445] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5446] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5446] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5446] <... futex resumed>) = ? [pid 5445] <... exit_group resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ [pid 5445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5445, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 81.709016][ T5446] loop0: detected capacity change from 0 to 256 [ 81.719462][ T5446] exfat: Deprecated parameter 'utf8' [ 81.731483][ T5446] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5448 ./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5448] chdir("./123") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5448] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5449 attached , parent_tid=[5449], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5449 [pid 5449] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] memfd_create("syzkaller", 0) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5449] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5449] munmap(0x7f2656609000, 131072) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./file2", 0777) = 0 [pid 5449] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5449] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5449] chdir("./file2") = 0 [pid 5449] ioctl(4, LOOP_CLR_FD) = 0 [pid 5449] close(4) = 0 [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5448] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 4 [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5448] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 5 [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = 1 [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] write(4, "\x00\x00", 2) = 2 [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5448] <... futex resumed>) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5448] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5450 attached [pid 5449] <... mmap resumed>) = 0x20000000 [pid 5448] <... clone resumed>, parent_tid=[5450], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5450 [pid 5450] set_robust_list(0x7f26566289e0, 24 [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... set_robust_list resumed>) = 0 [pid 5449] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = 0 [pid 5450] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5449] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5450] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5450] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = 1 [pid 5449] getdents64(-1, [pid 5448] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5449] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] exit_group(0 [pid 5450] <... futex resumed>) = ? [pid 5449] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 [ 81.820643][ T5449] loop0: detected capacity change from 0 to 256 [ 81.831179][ T5449] exfat: Deprecated parameter 'utf8' [ 81.841643][ T5449] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5451 ./strace-static-x86_64: Process 5451 attached [pid 5451] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5451] chdir("./124") = 0 [pid 5451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5451] setpgid(0, 0) = 0 [pid 5451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5451] write(3, "1000", 4) = 4 [pid 5451] close(3) = 0 [pid 5451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5451] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5452 attached , parent_tid=[5452], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5452 [pid 5452] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5452] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5452] memfd_create("syzkaller", 0) = 3 [pid 5452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5452] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5452] munmap(0x7f2656609000, 131072) = 0 [pid 5452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5452] close(3) = 0 [pid 5452] mkdir("./file2", 0777) = 0 [pid 5452] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5452] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5452] chdir("./file2") = 0 [pid 5452] ioctl(4, LOOP_CLR_FD) = 0 [pid 5452] close(4) = 0 [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5452] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5451] <... futex resumed>) = 1 [pid 5452] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... openat resumed>) = 5 [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] write(4, "\x00\x00", 2) = 2 [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] <... futex resumed>) = 0 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5452] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5451] <... mmap resumed>) = 0x7f2656608000 [pid 5451] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5452] <... mmap resumed>) = 0x20000000 [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] <... mprotect resumed>) = 0 [pid 5452] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5453], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5453 [pid 5451] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5453 attached [pid 5453] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5453] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5453] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5453] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5451] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5452] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = 0 [pid 5451] exit_group(0) = ? [pid 5452] <... futex resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5453] +++ exited with 0 +++ [pid 5451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5451, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 81.947106][ T5452] loop0: detected capacity change from 0 to 256 [ 81.955588][ T5452] exfat: Deprecated parameter 'utf8' [ 81.966583][ T5452] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5454 ./strace-static-x86_64: Process 5454 attached [pid 5454] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5454] chdir("./125") = 0 [pid 5454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5454] setpgid(0, 0) = 0 [pid 5454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5454] write(3, "1000", 4) = 4 [pid 5454] close(3) = 0 [pid 5454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5454] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5455 attached , parent_tid=[5455], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5455 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5455] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5455] memfd_create("syzkaller", 0) = 3 [pid 5455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5455] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5455] munmap(0x7f2656609000, 131072) = 0 [pid 5455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5455] close(3) = 0 [pid 5455] mkdir("./file2", 0777) = 0 [pid 5455] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5455] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5455] chdir("./file2") = 0 [pid 5455] ioctl(4, LOOP_CLR_FD) = 0 [pid 5455] close(4) = 0 [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 1 [pid 5455] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 1 [pid 5455] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 1 [pid 5455] write(4, "\x00\x00", 2) = 2 [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5454] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5454] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5456], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5456 [pid 5454] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 1 [pid 5455] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5456] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5456] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5456] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5455] <... futex resumed>) = 0 [pid 5455] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5455] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5455] <... futex resumed>) = 1 [pid 5454] exit_group(0) = ? [pid 5455] +++ exited with 0 +++ [pid 5456] <... futex resumed>) = ? [pid 5456] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5454, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5457 ./strace-static-x86_64: Process 5457 attached [pid 5457] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5457] chdir("./126") = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5457] setpgid(0, 0) = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5457] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 82.065770][ T5455] loop0: detected capacity change from 0 to 256 [ 82.074745][ T5455] exfat: Deprecated parameter 'utf8' [ 82.084055][ T5455] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5457] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5458], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5458 [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5458 attached [pid 5458] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5458] memfd_create("syzkaller", 0) = 3 [pid 5458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5458] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5458] munmap(0x7f2656609000, 131072) = 0 [pid 5458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5458] close(3) = 0 [pid 5458] mkdir("./file2", 0777) = 0 [pid 5458] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5458] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5458] chdir("./file2") = 0 [pid 5458] ioctl(4, LOOP_CLR_FD) = 0 [pid 5458] close(4) = 0 [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5458] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5457] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... openat resumed>) = 4 [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... openat resumed>) = 5 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] write(4, "\x00\x00", 2 [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... write resumed>) = 2 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... mmap resumed>) = 0x20000000 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5457] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5457] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5459 attached , parent_tid=[5459], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5459 [pid 5457] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5459] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5459] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5459] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5459] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5458] getdents64(-1, [pid 5457] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5458] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] exit_group(0 [pid 5459] <... futex resumed>) = ? [pid 5458] <... futex resumed>) = ? [pid 5457] <... exit_group resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5457, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 82.154065][ T5458] loop0: detected capacity change from 0 to 256 [ 82.156688][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.163050][ T5458] exfat: Deprecated parameter 'utf8' [ 82.184456][ T5458] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./126/binderfs") = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5460 ./strace-static-x86_64: Process 5460 attached [pid 5460] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5460] chdir("./127") = 0 [pid 5460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5460] setpgid(0, 0) = 0 [pid 5460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5460] write(3, "1000", 4) = 4 [pid 5460] close(3) = 0 [pid 5460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5460] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5461 attached , parent_tid=[5461], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5461 [pid 5461] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] memfd_create("syzkaller", 0 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5461] <... memfd_create resumed>) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5461] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5461] munmap(0x7f2656609000, 131072) = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5461] close(3) = 0 [pid 5461] mkdir("./file2", 0777) = 0 [pid 5461] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5461] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5461] chdir("./file2") = 0 [pid 5461] ioctl(4, LOOP_CLR_FD) = 0 [pid 5461] close(4) = 0 [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... openat resumed>) = 5 [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] write(4, "\x00\x00", 2) = 2 [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5461] <... mmap resumed>) = 0x20000000 [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] <... mmap resumed>) = 0x7f2656608000 [pid 5460] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... mprotect resumed>) = 0 [pid 5460] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5462 attached , parent_tid=[5462], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5462 [pid 5462] set_robust_list(0x7f26566289e0, 24 [pid 5460] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... set_robust_list resumed>) = 0 [pid 5460] <... futex resumed>) = 0 [pid 5462] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5460] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5462] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 1 [pid 5460] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5461] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] exit_group(0 [pid 5461] <... futex resumed>) = ? [pid 5460] <... exit_group resumed>) = ? [pid 5462] <... futex resumed>) = ? [pid 5461] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ [pid 5460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5460, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 [ 82.290649][ T5461] loop0: detected capacity change from 0 to 256 [ 82.299049][ T5461] exfat: Deprecated parameter 'utf8' [ 82.309330][ T5461] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5463 ./strace-static-x86_64: Process 5463 attached [pid 5463] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5463] chdir("./128") = 0 [pid 5463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5463] setpgid(0, 0) = 0 [pid 5463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5463] write(3, "1000", 4) = 4 [pid 5463] close(3) = 0 [pid 5463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5463] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5464 attached , parent_tid=[5464], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5464 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5464] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5464] memfd_create("syzkaller", 0) = 3 [pid 5464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5464] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5464] munmap(0x7f2656609000, 131072) = 0 [pid 5464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5464] close(3) = 0 [pid 5464] mkdir("./file2", 0777) = 0 [pid 5464] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5464] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5464] chdir("./file2") = 0 [pid 5464] ioctl(4, LOOP_CLR_FD) = 0 [pid 5464] close(4) = 0 [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... futex resumed>) = 1 [pid 5464] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] write(4, "\x00\x00", 2) = 2 [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5463] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5465 attached , parent_tid=[5465], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5465 [pid 5465] set_robust_list(0x7f26566289e0, 24 [pid 5463] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... set_robust_list resumed>) = 0 [pid 5465] openat(AT_FDCWD, "", O_RDONLY [pid 5464] <... mmap resumed>) = 0x20000000 [pid 5465] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = 0 [pid 5463] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5464] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5464] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] exit_group(0) = ? [pid 5464] <... futex resumed>) = ? [pid 5465] <... futex resumed>) = ? [pid 5464] +++ exited with 0 +++ [pid 5465] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5463, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 82.421016][ T5464] loop0: detected capacity change from 0 to 256 [ 82.429976][ T5464] exfat: Deprecated parameter 'utf8' [ 82.440480][ T5464] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5466 ./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5466] chdir("./129") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5466] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5467], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] memfd_create("syzkaller", 0) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5467] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5467] munmap(0x7f2656609000, 131072) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] mkdir("./file2", 0777) = 0 [pid 5467] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5467] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5467] chdir("./file2") = 0 [pid 5467] ioctl(4, LOOP_CLR_FD) = 0 [pid 5467] close(4) = 0 [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 1 [pid 5467] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 1 [pid 5467] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 1 [pid 5467] write(4, "\x00\x00", 2) = 2 [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5466] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5468 attached , parent_tid=[5468], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5468 [pid 5466] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5468] set_robust_list(0x7f26566289e0, 24 [pid 5467] <... mmap resumed>) = 0x20000000 [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... set_robust_list resumed>) = 0 [pid 5468] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5468] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5468] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5467] getdents64(-1, [pid 5466] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5467] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] exit_group(0) = ? [pid 5467] <... futex resumed>) = ? [pid 5467] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5466, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.540135][ T5467] loop0: detected capacity change from 0 to 256 [ 82.548824][ T5467] exfat: Deprecated parameter 'utf8' [ 82.560213][ T5467] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./129/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5469 ./strace-static-x86_64: Process 5469 attached [pid 5469] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5469] chdir("./130") = 0 [pid 5469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5469] setpgid(0, 0) = 0 [pid 5469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5469] write(3, "1000", 4) = 4 [pid 5469] close(3) = 0 [pid 5469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5469] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5470 attached , parent_tid=[5470], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5470 [pid 5470] set_robust_list(0x7f265ea299e0, 24 [pid 5469] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... set_robust_list resumed>) = 0 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5470] memfd_create("syzkaller", 0) = 3 [pid 5470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5470] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5470] munmap(0x7f2656609000, 131072) = 0 [pid 5470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5470] close(3) = 0 [pid 5470] mkdir("./file2", 0777) = 0 [pid 5470] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5470] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5470] chdir("./file2") = 0 [pid 5470] ioctl(4, LOOP_CLR_FD) = 0 [pid 5470] close(4) = 0 [pid 5470] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5470] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5469] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... openat resumed>) = 4 [pid 5470] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5470] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5469] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... openat resumed>) = 5 [pid 5470] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] write(4, "\x00\x00", 2) = 2 [pid 5470] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5469] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5471 attached , parent_tid=[5471], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5471 [pid 5471] set_robust_list(0x7f26566289e0, 24 [pid 5469] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... set_robust_list resumed>) = 0 [pid 5469] <... futex resumed>) = 0 [pid 5471] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5469] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5471] <... openat resumed>) = 6 [pid 5471] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 1 [pid 5470] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] getdents64(6, [pid 5470] <... futex resumed>) = 0 [pid 5471] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5470] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5469] exit_group(0) = ? [pid 5470] <... futex resumed>) = ? [pid 5471] <... futex resumed>) = ? [pid 5470] +++ exited with 0 +++ [pid 5471] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5469, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 [ 82.666617][ T5470] loop0: detected capacity change from 0 to 256 [ 82.677012][ T5470] exfat: Deprecated parameter 'utf8' [ 82.688420][ T5470] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5472 ./strace-static-x86_64: Process 5472 attached [pid 5472] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5472] chdir("./131") = 0 [pid 5472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5472] setpgid(0, 0) = 0 [pid 5472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5472] write(3, "1000", 4) = 4 [pid 5472] close(3) = 0 [pid 5472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5472] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5472] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5473 attached , parent_tid=[5473], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5473 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5473] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5473] memfd_create("syzkaller", 0) = 3 [pid 5473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5473] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5473] munmap(0x7f2656609000, 131072) = 0 [pid 5473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5473] close(3) = 0 [pid 5473] mkdir("./file2", 0777) = 0 [pid 5473] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5473] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5473] chdir("./file2") = 0 [pid 5473] ioctl(4, LOOP_CLR_FD) = 0 [pid 5473] close(4) = 0 [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] <... openat resumed>) = 4 [pid 5472] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... openat resumed>) = 5 [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] write(4, "\x00\x00", 2 [pid 5472] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... write resumed>) = 2 [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5473] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... mmap resumed>) = 0x20000000 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5472] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... mprotect resumed>) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5472] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5473] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] <... clone resumed>, parent_tid=[5474], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5474 [pid 5472] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5472] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5474] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5474] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5474] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5473] getdents64(-1, [pid 5472] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5473] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5473] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] <... futex resumed>) = 0 [pid 5474] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] exit_group(0 [pid 5473] <... futex resumed>) = ? [pid 5472] <... exit_group resumed>) = ? [pid 5473] +++ exited with 0 +++ [pid 5474] <... futex resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5472, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 82.799455][ T5473] loop0: detected capacity change from 0 to 256 [ 82.809806][ T5473] exfat: Deprecated parameter 'utf8' [ 82.821435][ T5473] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5475 ./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5475] chdir("./132") = 0 [pid 5475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5475] setpgid(0, 0) = 0 [pid 5475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5475] write(3, "1000", 4) = 4 [pid 5475] close(3) = 0 [pid 5475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5475] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5475] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5476] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... clone resumed>, parent_tid=[5476], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5476 [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5476] memfd_create("syzkaller", 0) = 3 [pid 5476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5476] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5476] munmap(0x7f2656609000, 131072) = 0 [pid 5476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5476] close(3) = 0 [pid 5476] mkdir("./file2", 0777) = 0 [pid 5476] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5476] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5476] chdir("./file2") = 0 [pid 5476] ioctl(4, LOOP_CLR_FD) = 0 [pid 5476] close(4) = 0 [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] write(4, "\x00\x00", 2) = 2 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5475] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5475] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5477 attached , parent_tid=[5477], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5477 [pid 5475] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 0 [pid 5476] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5477] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5476] <... mmap resumed>) = 0x20000000 [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5477] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5477] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 0 [pid 5476] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5476] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5475] exit_group(0) = ? [pid 5476] <... futex resumed>) = ? [pid 5476] +++ exited with 0 +++ [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5475, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 82.919363][ T5476] loop0: detected capacity change from 0 to 256 [ 82.928917][ T5476] exfat: Deprecated parameter 'utf8' [ 82.939041][ T5476] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5478 ./strace-static-x86_64: Process 5478 attached [pid 5478] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5478] chdir("./133") = 0 [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5478] setpgid(0, 0) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5478] write(3, "1000", 4) = 4 [pid 5478] close(3) = 0 [pid 5478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5478] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5479 attached [pid 5479] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5479] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... clone resumed>, parent_tid=[5479], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5479 [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] memfd_create("syzkaller", 0) = 3 [pid 5478] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5479] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5479] munmap(0x7f2656609000, 131072) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] mkdir("./file2", 0777) = 0 [pid 5479] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5479] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./file2") = 0 [pid 5479] ioctl(4, LOOP_CLR_FD) = 0 [pid 5479] close(4) = 0 [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] write(4, "\x00\x00", 2) = 2 [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5479] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5478] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5479] <... mmap resumed>) = 0x20000000 [pid 5478] <... mmap resumed>) = 0x7f2656608000 [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... mprotect resumed>) = 0 [pid 5478] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5480 attached , parent_tid=[5480], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5480 [pid 5480] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5480] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5478] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5480] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5480] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] getdents64(-1, [pid 5478] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5479] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5478] exit_group(0 [pid 5479] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5478] <... exit_group resumed>) = ? [pid 5480] <... futex resumed>) = ? [pid 5479] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ [pid 5478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5478, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 [ 83.060930][ T5479] loop0: detected capacity change from 0 to 256 [ 83.070989][ T5479] exfat: Deprecated parameter 'utf8' [ 83.081992][ T5479] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5481 ./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5481] chdir("./134") = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5481] setpgid(0, 0) = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5481] write(3, "1000", 4) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5481] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5482 attached , parent_tid=[5482], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5482 [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5482] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5482] memfd_create("syzkaller", 0) = 3 [pid 5482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5482] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5482] munmap(0x7f2656609000, 131072) = 0 [pid 5482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5482] close(3) = 0 [pid 5482] mkdir("./file2", 0777) = 0 [pid 5482] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5482] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5482] chdir("./file2") = 0 [pid 5482] ioctl(4, LOOP_CLR_FD) = 0 [pid 5482] close(4) = 0 [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5482] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] write(4, "\x00\x00", 2) = 2 [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5481] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5483 attached , parent_tid=[5483], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5483 [pid 5483] set_robust_list(0x7f26566289e0, 24 [pid 5481] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... set_robust_list resumed>) = 0 [pid 5482] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5481] <... futex resumed>) = 0 [pid 5483] openat(AT_FDCWD, "", O_RDONLY [pid 5481] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... mmap resumed>) = 0x20000000 [pid 5483] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 0 [pid 5483] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] getdents64(-1, [pid 5481] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5481] <... futex resumed>) = 0 [pid 5482] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] exit_group(0 [pid 5483] <... futex resumed>) = ? [pid 5482] <... futex resumed>) = ? [pid 5481] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ [pid 5481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5481, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 [ 83.188105][ T5482] loop0: detected capacity change from 0 to 256 [ 83.198074][ T5482] exfat: Deprecated parameter 'utf8' [ 83.209159][ T5482] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5484 ./strace-static-x86_64: Process 5484 attached [pid 5484] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5484] chdir("./135") = 0 [pid 5484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5484] setpgid(0, 0) = 0 [pid 5484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5484] write(3, "1000", 4) = 4 [pid 5484] close(3) = 0 [pid 5484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5484] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5484] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5485], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5485 [pid 5484] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5485 attached [pid 5485] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5485] memfd_create("syzkaller", 0) = 3 [pid 5485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5485] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5485] munmap(0x7f2656609000, 131072) = 0 [pid 5485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5485] close(3) = 0 [pid 5485] mkdir("./file2", 0777) = 0 [ 83.291479][ T5485] loop0: detected capacity change from 0 to 256 [ 83.297965][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.298066][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 83.317156][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [ 83.330586][ T5485] exfat: Deprecated parameter 'utf8' [pid 5485] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5485] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5485] chdir("./file2") = 0 [pid 5485] ioctl(4, LOOP_CLR_FD) = 0 [pid 5485] close(4) = 0 [pid 5485] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5485] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5485] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] write(4, "\x00\x00", 2) = 2 [pid 5485] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5485] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5484] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] <... mmap resumed>) = 0x20000000 [pid 5484] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5486], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5486 [pid 5484] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5486] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5486] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5486] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... futex resumed>) = 1 [pid 5486] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5486] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5486] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] exit_group(0) = ? [pid 5485] <... futex resumed>) = ? [pid 5485] +++ exited with 0 +++ [pid 5486] <... futex resumed>) = ? [pid 5486] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5484, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 83.341917][ T5485] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5487 ./strace-static-x86_64: Process 5487 attached [pid 5487] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5487] chdir("./136") = 0 [pid 5487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5487] setpgid(0, 0) = 0 [pid 5487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5487] write(3, "1000", 4) = 4 [pid 5487] close(3) = 0 [pid 5487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5487] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5488], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5488 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5488 attached [pid 5488] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5488] memfd_create("syzkaller", 0) = 3 [pid 5488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5488] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5488] munmap(0x7f2656609000, 131072) = 0 [pid 5488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5488] close(3) = 0 [pid 5488] mkdir("./file2", 0777) = 0 [pid 5488] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5488] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5488] chdir("./file2") = 0 [pid 5488] ioctl(4, LOOP_CLR_FD) = 0 [pid 5488] close(4) = 0 [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5488] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... openat resumed>) = 4 [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5488] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... openat resumed>) = 5 [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] write(4, "\x00\x00", 2) = 2 [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5487] <... futex resumed>) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5487] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5488] <... mmap resumed>) = 0x20000000 [pid 5487] <... mprotect resumed>) = 0 [pid 5487] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5489], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5489 [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5489 attached [pid 5489] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5489] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5489] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5489] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5487] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] getdents64(-1, [pid 5489] <... futex resumed>) = 1 [pid 5488] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5489] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5488] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] exit_group(0) = ? [pid 5489] <... futex resumed>) = ? [pid 5489] +++ exited with 0 +++ [pid 5488] <... futex resumed>) = ? [pid 5488] +++ exited with 0 +++ [pid 5487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5487, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 83.437559][ T5488] loop0: detected capacity change from 0 to 256 [ 83.446758][ T5488] exfat: Deprecated parameter 'utf8' [ 83.457317][ T5488] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5490 attached , child_tidptr=0x555556b3a6d0) = 5490 [pid 5490] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5490] chdir("./137") = 0 [pid 5490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5490] setpgid(0, 0) = 0 [pid 5490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5490] write(3, "1000", 4) = 4 [pid 5490] close(3) = 0 [pid 5490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5490] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5490] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5491], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5491 [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5491 attached [pid 5491] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5491] memfd_create("syzkaller", 0) = 3 [pid 5491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5491] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5491] munmap(0x7f2656609000, 131072) = 0 [pid 5491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5491] close(3) = 0 [pid 5491] mkdir("./file2", 0777) = 0 [pid 5491] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5491] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5491] chdir("./file2") = 0 [pid 5491] ioctl(4, LOOP_CLR_FD) = 0 [pid 5491] close(4) = 0 [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... openat resumed>) = 4 [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5491] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... openat resumed>) = 5 [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] write(4, "\x00\x00", 2) = 2 [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5491] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5490] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5491] <... mmap resumed>) = 0x20000000 [pid 5490] <... mprotect resumed>) = 0 [pid 5490] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5492], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5492 [pid 5490] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5492 attached [pid 5491] <... futex resumed>) = 0 [pid 5490] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5492] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5492] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5492] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5492] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... futex resumed>) = 0 [pid 5491] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5491] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] <... futex resumed>) = 0 [pid 5491] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] exit_group(0) = ? [pid 5491] <... futex resumed>) = ? [pid 5491] +++ exited with 0 +++ [pid 5492] <... futex resumed>) = ? [pid 5492] +++ exited with 0 +++ [pid 5490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5490, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 [ 83.558195][ T5491] loop0: detected capacity change from 0 to 256 [ 83.568227][ T5491] exfat: Deprecated parameter 'utf8' [ 83.579562][ T5491] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5493 ./strace-static-x86_64: Process 5493 attached [pid 5493] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5493] chdir("./138") = 0 [pid 5493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5493] setpgid(0, 0) = 0 [pid 5493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5493] write(3, "1000", 4) = 4 [pid 5493] close(3) = 0 [pid 5493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5493] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5493] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5494], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5494 [pid 5493] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5494 attached [pid 5494] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5494] memfd_create("syzkaller", 0) = 3 [pid 5494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5494] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5494] munmap(0x7f2656609000, 131072) = 0 [pid 5494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5494] close(3) = 0 [pid 5494] mkdir("./file2", 0777) = 0 [pid 5494] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5494] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5494] chdir("./file2") = 0 [pid 5494] ioctl(4, LOOP_CLR_FD) = 0 [pid 5494] close(4) = 0 [pid 5494] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5494] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5493] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... openat resumed>) = 4 [pid 5494] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 1 [pid 5494] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... openat resumed>) = 5 [pid 5494] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5494] write(4, "\x00\x00", 2 [pid 5493] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... write resumed>) = 2 [pid 5494] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5493] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5493] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5495], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5495 [pid 5493] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5493] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] <... futex resumed>) = 1 [pid 5494] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5495 attached [pid 5495] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5494] <... mmap resumed>) = 0x20000000 [pid 5495] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5495] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5495] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] getdents64(-1, [pid 5493] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5495] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5495] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] exit_group(0 [pid 5494] <... futex resumed>) = ? [pid 5493] <... exit_group resumed>) = ? [pid 5495] <... futex resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ [pid 5493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5493, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 [ 83.678376][ T5494] loop0: detected capacity change from 0 to 256 [ 83.687747][ T5494] exfat: Deprecated parameter 'utf8' [ 83.699320][ T5494] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5496] chdir("./139") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5496] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5497 attached , parent_tid=[5497], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5497 [pid 5497] set_robust_list(0x7f265ea299e0, 24 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... set_robust_list resumed>) = 0 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] memfd_create("syzkaller", 0) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5497] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5497] munmap(0x7f2656609000, 131072) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./file2", 0777) = 0 [pid 5497] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5497] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./file2") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] write(4, "\x00\x00", 2) = 2 [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5496] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5498], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5498 ./strace-static-x86_64: Process 5498 attached [pid 5496] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 1 [pid 5497] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5498] set_robust_list(0x7f26566289e0, 24 [pid 5497] <... mmap resumed>) = 0x20000000 [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... set_robust_list resumed>) = 0 [pid 5498] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5498] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5498] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] getdents64(-1, [pid 5496] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5497] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] exit_group(0 [pid 5497] <... futex resumed>) = ? [pid 5496] <... exit_group resumed>) = ? [pid 5498] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5498] +++ exited with 0 +++ [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 [ 83.788302][ T5497] loop0: detected capacity change from 0 to 256 [ 83.797456][ T5497] exfat: Deprecated parameter 'utf8' [ 83.807622][ T5497] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5499 ./strace-static-x86_64: Process 5499 attached [pid 5499] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5499] chdir("./140") = 0 [pid 5499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5499] setpgid(0, 0) = 0 [pid 5499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5499] write(3, "1000", 4) = 4 [pid 5499] close(3) = 0 [pid 5499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5499] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5500 attached , parent_tid=[5500], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5500 [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5499] <... futex resumed>) = 0 [pid 5500] memfd_create("syzkaller", 0 [pid 5499] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] <... memfd_create resumed>) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5500] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5500] munmap(0x7f2656609000, 131072) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] mkdir("./file2", 0777) = 0 [pid 5500] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5500] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5500] chdir("./file2") = 0 [pid 5500] ioctl(4, LOOP_CLR_FD) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 1 [pid 5500] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 1 [pid 5500] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 1 [pid 5500] write(4, "\x00\x00", 2) = 2 [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5499] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5501 attached , parent_tid=[5501], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5501 [pid 5499] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 1 [pid 5500] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5501] set_robust_list(0x7f26566289e0, 24 [pid 5500] <... mmap resumed>) = 0x20000000 [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] <... set_robust_list resumed>) = 0 [pid 5501] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5501] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5501] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5501] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5500] getdents64(-1, [pid 5499] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5500] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] exit_group(0 [pid 5501] <... futex resumed>) = ? [pid 5500] <... futex resumed>) = ? [pid 5499] <... exit_group resumed>) = ? [pid 5501] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5499, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 83.931914][ T5500] loop0: detected capacity change from 0 to 256 [ 83.942077][ T5500] exfat: Deprecated parameter 'utf8' [ 83.953210][ T5500] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5502 ./strace-static-x86_64: Process 5502 attached [pid 5502] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5502] chdir("./141") = 0 [pid 5502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5502] setpgid(0, 0) = 0 [pid 5502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5502] write(3, "1000", 4) = 4 [pid 5502] close(3) = 0 [pid 5502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5502] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5503 attached [pid 5503] set_robust_list(0x7f265ea299e0, 24 [pid 5502] <... clone resumed>, parent_tid=[5503], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5503 [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5503] <... set_robust_list resumed>) = 0 [pid 5503] memfd_create("syzkaller", 0) = 3 [pid 5503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5503] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5503] munmap(0x7f2656609000, 131072) = 0 [pid 5503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5503] close(3) = 0 [pid 5503] mkdir("./file2", 0777) = 0 [pid 5503] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5503] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5503] chdir("./file2") = 0 [pid 5503] ioctl(4, LOOP_CLR_FD) = 0 [pid 5503] close(4) = 0 [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... openat resumed>) = 4 [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] write(4, "\x00\x00", 2) = 2 [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5502] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5504 attached , parent_tid=[5504], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5504 [pid 5502] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5504] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5504] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5503] <... mmap resumed>) = 0x20000000 [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... openat resumed>) = 6 [pid 5504] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5504] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5502] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5503] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [ 84.067403][ T5503] loop0: detected capacity change from 0 to 256 [ 84.078822][ T5503] exfat: Deprecated parameter 'utf8' [ 84.090699][ T5503] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5503] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] exit_group(0 [pid 5503] <... futex resumed>) = ? [pid 5502] <... exit_group resumed>) = ? [pid 5504] <... futex resumed>) = ? [pid 5504] +++ exited with 0 +++ [pid 5503] +++ exited with 0 +++ [pid 5502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5502, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5505 ./strace-static-x86_64: Process 5505 attached [pid 5505] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5505] chdir("./142") = 0 [pid 5505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5505] setpgid(0, 0) = 0 [pid 5505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5505] write(3, "1000", 4) = 4 [pid 5505] close(3) = 0 [pid 5505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5505] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5506 attached , parent_tid=[5506], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5506 [pid 5506] set_robust_list(0x7f265ea299e0, 24 [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... set_robust_list resumed>) = 0 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5506] memfd_create("syzkaller", 0) = 3 [pid 5506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5506] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5506] munmap(0x7f2656609000, 131072) = 0 [pid 5506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5506] close(3) = 0 [pid 5506] mkdir("./file2", 0777) = 0 [pid 5506] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5506] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5506] chdir("./file2") = 0 [pid 5506] ioctl(4, LOOP_CLR_FD) = 0 [pid 5506] close(4) = 0 [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5506] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5505] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... openat resumed>) = 4 [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5506] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5505] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... openat resumed>) = 5 [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] write(4, "\x00\x00", 2 [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... write resumed>) = 2 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 0 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... mmap resumed>) = 0x20000000 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5505] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5507 attached , parent_tid=[5507], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5507 [pid 5505] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5507] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5507] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5507] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5507] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5505] <... futex resumed>) = 1 [pid 5506] getdents64(-1, [pid 5505] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5506] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] exit_group(0 [pid 5507] <... futex resumed>) = ? [pid 5506] <... futex resumed>) = ? [pid 5505] <... exit_group resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5506] +++ exited with 0 +++ [pid 5505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5505, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 84.209691][ T5506] loop0: detected capacity change from 0 to 256 [ 84.219594][ T5506] exfat: Deprecated parameter 'utf8' [ 84.230311][ T5506] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5508 ./strace-static-x86_64: Process 5508 attached [pid 5508] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5508] chdir("./143") = 0 [pid 5508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5508] setpgid(0, 0) = 0 [pid 5508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5508] write(3, "1000", 4) = 4 [pid 5508] close(3) = 0 [pid 5508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5508] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5509], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5509 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5509 attached ) = 0 [pid 5508] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5509] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5509] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5509] munmap(0x7f2656609000, 131072) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] mkdir("./file2", 0777) = 0 [pid 5509] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5509] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./file2") = 0 [pid 5509] ioctl(4, LOOP_CLR_FD) = 0 [pid 5509] close(4) = 0 [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... futex resumed>) = 1 [pid 5509] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... futex resumed>) = 1 [pid 5509] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... futex resumed>) = 1 [pid 5509] write(4, "\x00\x00", 2) = 2 [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5508] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5510], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5510 [pid 5508] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] <... futex resumed>) = 1 [pid 5508] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5510 attached ) = 0x20000000 [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5510] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5510] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5510] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5509] getdents64(-1, [pid 5508] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5509] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... futex resumed>) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] exit_group(0 [pid 5509] <... futex resumed>) = ? [pid 5508] <... exit_group resumed>) = ? [pid 5510] <... futex resumed>) = ? [pid 5509] +++ exited with 0 +++ [pid 5510] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5508, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 [ 84.335257][ T5509] loop0: detected capacity change from 0 to 256 [ 84.345687][ T5509] exfat: Deprecated parameter 'utf8' [ 84.355666][ T5509] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5511 attached , child_tidptr=0x555556b3a6d0) = 5511 [pid 5511] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5511] chdir("./144") = 0 [pid 5511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5511] setpgid(0, 0) = 0 [pid 5511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5511] write(3, "1000", 4) = 4 [pid 5511] close(3) = 0 [pid 5511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5511] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5512 attached , parent_tid=[5512], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5512 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5512] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5512] memfd_create("syzkaller", 0) = 3 [pid 5512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5512] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5512] munmap(0x7f2656609000, 131072) = 0 [pid 5512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5512] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5512] close(3) = 0 [pid 5512] mkdir("./file2", 0777) = 0 [pid 5512] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5512] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5512] chdir("./file2") = 0 [pid 5512] ioctl(4, LOOP_CLR_FD) = 0 [pid 5512] close(4) = 0 [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... futex resumed>) = 1 [pid 5512] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... futex resumed>) = 1 [pid 5512] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... futex resumed>) = 1 [pid 5512] write(4, "\x00\x00", 2) = 2 [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5511] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5513], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5513 [pid 5511] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... futex resumed>) = 1 [pid 5512] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5513] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5513] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5513] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5512] <... futex resumed>) = 0 [pid 5512] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5512] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5511] exit_group(0) = ? [pid 5512] <... futex resumed>) = ? [pid 5512] +++ exited with 0 +++ [pid 5513] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5511, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5514 ./strace-static-x86_64: Process 5514 attached [pid 5514] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5514] chdir("./145") = 0 [pid 5514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5514] setpgid(0, 0) = 0 [ 84.457195][ T5512] loop0: detected capacity change from 0 to 256 [ 84.465688][ T5512] exfat: Deprecated parameter 'utf8' [ 84.475784][ T5512] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5514] write(3, "1000", 4) = 4 [pid 5514] close(3) = 0 [pid 5514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5514] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5515 attached , parent_tid=[5515], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5515 [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5515] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5515] memfd_create("syzkaller", 0) = 3 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5515] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5515] munmap(0x7f2656609000, 131072) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5515] close(3) = 0 [pid 5515] mkdir("./file2", 0777) = 0 [pid 5515] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5515] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5515] chdir("./file2") = 0 [pid 5515] ioctl(4, LOOP_CLR_FD) = 0 [pid 5515] close(4) = 0 [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5514] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... openat resumed>) = 4 [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5514] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... openat resumed>) = 5 [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5515] write(4, "\x00\x00", 2 [pid 5514] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... write resumed>) = 2 [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... mmap resumed>) = 0x20000000 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5515] <... futex resumed>) = 0 [pid 5515] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... mmap resumed>) = 0x7f2656608000 [pid 5514] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5516], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5516 [pid 5514] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5516 attached [pid 5514] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5516] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5516] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5516] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5516] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] getdents64(-1, [pid 5514] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5515] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] exit_group(0 [pid 5515] <... futex resumed>) = ? [pid 5514] <... exit_group resumed>) = ? [pid 5515] +++ exited with 0 +++ [pid 5516] <... futex resumed>) = ? [pid 5516] +++ exited with 0 +++ [pid 5514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5514, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 84.552161][ T5515] loop0: detected capacity change from 0 to 256 [ 84.561067][ T5515] exfat: Deprecated parameter 'utf8' [ 84.571999][ T5515] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5517 ./strace-static-x86_64: Process 5517 attached [pid 5517] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5517] chdir("./146") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5517] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5518 attached , parent_tid=[5518], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5518 [pid 5518] set_robust_list(0x7f265ea299e0, 24 [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... set_robust_list resumed>) = 0 [pid 5517] <... futex resumed>) = 0 [pid 5518] memfd_create("syzkaller", 0) = 3 [pid 5517] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5518] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5518] munmap(0x7f2656609000, 131072) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file2", 0777) = 0 [pid 5518] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5518] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file2") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] <... futex resumed>) = 0 [pid 5518] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5517] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... openat resumed>) = 4 [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] <... futex resumed>) = 0 [pid 5518] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5517] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... openat resumed>) = 5 [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] write(4, "\x00\x00", 2) = 2 [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5517] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5519 attached , parent_tid=[5519], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5519 [pid 5517] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5517] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5519] set_robust_list(0x7f26566289e0, 24 [pid 5518] <... mmap resumed>) = 0x20000000 [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... set_robust_list resumed>) = 0 [pid 5519] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5519] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5519] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5518] getdents64(-1, [pid 5517] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5518] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] exit_group(0 [pid 5518] <... futex resumed>) = ? [pid 5517] <... exit_group resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ [pid 5517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5517, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 84.660998][ T5518] loop0: detected capacity change from 0 to 256 [ 84.669849][ T5518] exfat: Deprecated parameter 'utf8' [ 84.680622][ T5518] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./146/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5520 attached [pid 5520] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5520 [pid 5520] <... set_robust_list resumed>) = 0 [pid 5520] chdir("./147") = 0 [pid 5520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5520] setpgid(0, 0) = 0 [pid 5520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5520] write(3, "1000", 4) = 4 [pid 5520] close(3) = 0 [pid 5520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5520] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5520] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5521], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5521 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5521 attached [pid 5521] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5521] memfd_create("syzkaller", 0) = 3 [pid 5521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5521] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5521] munmap(0x7f2656609000, 131072) = 0 [pid 5521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5521] close(3) = 0 [pid 5521] mkdir("./file2", 0777) = 0 [pid 5521] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5521] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5521] chdir("./file2") = 0 [pid 5521] ioctl(4, LOOP_CLR_FD) = 0 [pid 5521] close(4) = 0 [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5521] <... futex resumed>) = 1 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5520] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... openat resumed>) = 4 [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5521] <... futex resumed>) = 1 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5521] <... futex resumed>) = 1 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] write(4, "\x00\x00", 2) = 2 [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5521] <... futex resumed>) = 1 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5520] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5521] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5520] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5522], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5522 ./strace-static-x86_64: Process 5522 attached [pid 5521] <... mmap resumed>) = 0x20000000 [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5522] set_robust_list(0x7f26566289e0, 24 [pid 5521] <... futex resumed>) = 0 [pid 5522] <... set_robust_list resumed>) = 0 [pid 5522] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [ 84.783211][ T5521] loop0: detected capacity change from 0 to 256 [ 84.785232][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 84.791851][ T5521] exfat: Deprecated parameter 'utf8' [ 84.811626][ T5521] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5521] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5522] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5520] <... futex resumed>) = 1 [pid 5522] <... futex resumed>) = 1 [pid 5521] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5520] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5521] <... futex resumed>) = 0 [pid 5520] exit_group(0) = ? [pid 5521] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ [pid 5520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5520, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 umount2("./147/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5523 ./strace-static-x86_64: Process 5523 attached [pid 5523] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5523] chdir("./148") = 0 [pid 5523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5523] setpgid(0, 0) = 0 [pid 5523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5523] write(3, "1000", 4) = 4 [pid 5523] close(3) = 0 [pid 5523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5523] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5524 attached , parent_tid=[5524], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5524 [pid 5524] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5523] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5524] memfd_create("syzkaller", 0) = 3 [pid 5524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5524] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5524] munmap(0x7f2656609000, 131072) = 0 [pid 5524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5524] close(3) = 0 [pid 5524] mkdir("./file2", 0777) = 0 [pid 5524] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5524] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5524] chdir("./file2") = 0 [pid 5524] ioctl(4, LOOP_CLR_FD) = 0 [pid 5524] close(4) = 0 [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5523] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... openat resumed>) = 4 [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5523] <... futex resumed>) = 0 [pid 5524] <... openat resumed>) = 5 [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] write(4, "\x00\x00", 2) = 2 [pid 5523] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5523] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... mmap resumed>) = 0x20000000 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... mmap resumed>) = 0x7f2656608000 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5525], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5525 ./strace-static-x86_64: Process 5525 attached [pid 5523] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5525] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5525] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5525] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5525] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5524] getdents64(-1, [pid 5523] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5524] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5523] <... futex resumed>) = 0 [pid 5524] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] exit_group(0 [pid 5525] <... futex resumed>) = ? [pid 5524] <... futex resumed>) = ? [pid 5523] <... exit_group resumed>) = ? [pid 5525] +++ exited with 0 +++ [pid 5524] +++ exited with 0 +++ [pid 5523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5523, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 [ 84.930031][ T5524] loop0: detected capacity change from 0 to 256 [ 84.939198][ T5524] exfat: Deprecated parameter 'utf8' [ 84.950113][ T5524] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./148/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5526 attached , child_tidptr=0x555556b3a6d0) = 5526 [pid 5526] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5526] chdir("./149") = 0 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5526] setpgid(0, 0) = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5526] write(3, "1000", 4) = 4 [pid 5526] close(3) = 0 [pid 5526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5526] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5526] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5527 attached , parent_tid=[5527], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5527 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5527] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5527] memfd_create("syzkaller", 0) = 3 [pid 5527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5527] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5527] munmap(0x7f2656609000, 131072) = 0 [pid 5527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5527] close(3) = 0 [pid 5527] mkdir("./file2", 0777) = 0 [pid 5527] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5527] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5527] chdir("./file2") = 0 [pid 5527] ioctl(4, LOOP_CLR_FD) = 0 [pid 5527] close(4) = 0 [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... openat resumed>) = 4 [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... openat resumed>) = 5 [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] write(4, "\x00\x00", 2) = 2 [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5526] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5526] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5528 attached , parent_tid=[5528], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5528 [pid 5528] set_robust_list(0x7f26566289e0, 24 [pid 5526] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... set_robust_list resumed>) = 0 [pid 5526] <... futex resumed>) = 0 [pid 5528] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5526] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... openat resumed>) = 6 [pid 5528] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... futex resumed>) = 0 [pid 5526] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... futex resumed>) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5528] <... futex resumed>) = 1 [pid 5526] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5527] getdents64(6, [pid 5528] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5527] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] <... futex resumed>) = 0 [pid 5527] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] exit_group(0 [pid 5527] <... futex resumed>) = ? [pid 5526] <... exit_group resumed>) = ? [pid 5528] <... futex resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5526, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 [ 85.055776][ T5527] loop0: detected capacity change from 0 to 256 [ 85.065440][ T5527] exfat: Deprecated parameter 'utf8' [ 85.077249][ T5527] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./149/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5529 ./strace-static-x86_64: Process 5529 attached [pid 5529] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5529] chdir("./150") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5529] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5530], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5530 [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5530] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5530] munmap(0x7f2656609000, 131072) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./file2", 0777) = 0 [pid 5530] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5530] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./file2") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] <... futex resumed>) = 0 [pid 5530] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5529] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... openat resumed>) = 4 [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... openat resumed>) = 5 [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] <... futex resumed>) = 1 [pid 5529] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] write(4, "\x00\x00", 2) = 2 [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5530] <... futex resumed>) = 1 [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5530] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5529] <... mmap resumed>) = 0x7f2656608000 [pid 5529] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5530] <... mmap resumed>) = 0x20000000 [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... mprotect resumed>) = 0 [pid 5530] <... futex resumed>) = 0 [pid 5529] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5530] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... clone resumed>, parent_tid=[5531], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5531 [pid 5529] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5531 attached [pid 5531] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5531] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5531] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5531] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5531] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5530] getdents64(-1, [pid 5529] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5530] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] exit_group(0) = ? [pid 5530] <... futex resumed>) = ? [pid 5531] <... futex resumed>) = ? [pid 5531] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5529, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.158811][ T5530] loop0: detected capacity change from 0 to 256 [ 85.169246][ T5530] exfat: Deprecated parameter 'utf8' [ 85.180757][ T5530] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./150/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5532 ./strace-static-x86_64: Process 5532 attached [pid 5532] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5532] chdir("./151") = 0 [pid 5532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5532] setpgid(0, 0) = 0 [pid 5532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5532] write(3, "1000", 4) = 4 [pid 5532] close(3) = 0 [pid 5532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5532] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5533 attached , parent_tid=[5533], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5533 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5533] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5533] memfd_create("syzkaller", 0) = 3 [pid 5533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5533] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5533] munmap(0x7f2656609000, 131072) = 0 [pid 5533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5533] close(3) = 0 [pid 5533] mkdir("./file2", 0777) = 0 [pid 5533] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5533] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5533] chdir("./file2") = 0 [pid 5533] ioctl(4, LOOP_CLR_FD) = 0 [pid 5533] close(4) = 0 [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 1 [pid 5533] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 1 [pid 5533] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 1 [pid 5533] write(4, "\x00\x00", 2) = 2 [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5532] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5532] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5534], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5534 [pid 5532] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 1 [pid 5533] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5534 attached [pid 5534] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5534] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5534] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5534] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 0 [pid 5533] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5533] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5532] exit_group(0) = ? [pid 5533] <... futex resumed>) = ? [pid 5534] <... futex resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5533] +++ exited with 0 +++ [pid 5532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5532, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.301843][ T5533] loop0: detected capacity change from 0 to 256 [ 85.314696][ T5533] exfat: Deprecated parameter 'utf8' [ 85.326434][ T5533] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5535 ./strace-static-x86_64: Process 5535 attached [pid 5535] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5535] chdir("./152") = 0 [pid 5535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5535] setpgid(0, 0) = 0 [pid 5535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5535] write(3, "1000", 4) = 4 [pid 5535] close(3) = 0 [pid 5535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5535] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5536], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5536 [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5536 attached [pid 5536] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5536] memfd_create("syzkaller", 0) = 3 [pid 5536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5536] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5536] munmap(0x7f2656609000, 131072) = 0 [pid 5536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5536] close(3) = 0 [pid 5536] mkdir("./file2", 0777) = 0 [pid 5536] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5536] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5536] chdir("./file2") = 0 [pid 5536] ioctl(4, LOOP_CLR_FD) = 0 [pid 5536] close(4) = 0 [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5536] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5535] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... openat resumed>) = 4 [ 85.443703][ T5536] loop0: detected capacity change from 0 to 256 [ 85.449519][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 85.455736][ T5536] exfat: Deprecated parameter 'utf8' [ 85.481273][ T5536] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] <... openat resumed>) = 5 [pid 5535] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5536] <... futex resumed>) = 0 [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] write(4, "\x00\x00", 2 [pid 5535] <... futex resumed>) = 0 [pid 5536] <... write resumed>) = 2 [pid 5535] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5536] <... mmap resumed>) = 0x20000000 [pid 5535] <... mmap resumed>) = 0x7f2656608000 [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5537], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5537 [pid 5535] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5537 attached [pid 5537] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5537] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5537] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5537] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5537] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5536] getdents64(-1, [pid 5535] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5536] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] exit_group(0 [pid 5537] <... futex resumed>) = ? [pid 5536] <... futex resumed>) = ? [pid 5535] <... exit_group resumed>) = ? [pid 5536] +++ exited with 0 +++ [pid 5537] +++ exited with 0 +++ [pid 5535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5535, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5538 ./strace-static-x86_64: Process 5538 attached [pid 5538] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5538] chdir("./153") = 0 [pid 5538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5538] setpgid(0, 0) = 0 [pid 5538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5538] write(3, "1000", 4) = 4 [pid 5538] close(3) = 0 [pid 5538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5538] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5539], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5539 [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5539] memfd_create("syzkaller", 0) = 3 [pid 5539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5539] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5539] munmap(0x7f2656609000, 131072) = 0 [pid 5539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5539] close(3) = 0 [pid 5539] mkdir("./file2", 0777) = 0 [pid 5539] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5539] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5539] chdir("./file2") = 0 [pid 5539] ioctl(4, LOOP_CLR_FD) = 0 [pid 5539] close(4) = 0 [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] <... futex resumed>) = 0 [pid 5539] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... openat resumed>) = 4 [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5538] <... futex resumed>) = 0 [pid 5539] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... openat resumed>) = 5 [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5539] write(4, "\x00\x00", 2) = 2 [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5538] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5538] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5540], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5540 [pid 5538] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5540 attached [pid 5539] <... mmap resumed>) = 0x20000000 [pid 5540] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5540] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5540] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5540] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] <... futex resumed>) = 0 [pid 5538] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5539] getdents64(-1, [pid 5540] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5539] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5539] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] exit_group(0) = ? [pid 5539] <... futex resumed>) = ? [pid 5540] <... futex resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5540] +++ exited with 0 +++ [pid 5538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5538, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 umount2("./153/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 85.611204][ T5539] loop0: detected capacity change from 0 to 256 [ 85.621124][ T5539] exfat: Deprecated parameter 'utf8' [ 85.630828][ T5539] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./153/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5541 ./strace-static-x86_64: Process 5541 attached [pid 5541] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5541] chdir("./154") = 0 [pid 5541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5541] setpgid(0, 0) = 0 [pid 5541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5541] write(3, "1000", 4) = 4 [pid 5541] close(3) = 0 [pid 5541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5541] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5541] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5542], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5542 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5542] memfd_create("syzkaller", 0) = 3 [pid 5542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5542] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5542] munmap(0x7f2656609000, 131072) = 0 [pid 5542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5542] close(3) = 0 [pid 5542] mkdir("./file2", 0777) = 0 [pid 5542] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5542] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5542] chdir("./file2") = 0 [pid 5542] ioctl(4, LOOP_CLR_FD) = 0 [pid 5542] close(4) = 0 [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 1 [pid 5542] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 1 [pid 5542] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 1 [pid 5542] write(4, "\x00\x00", 2) = 2 [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5541] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5541] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5543], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5543 [pid 5541] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5541] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... futex resumed>) = 1 [pid 5542] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5543 attached [pid 5543] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5543] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5543] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5543] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5541] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [pid 5542] getdents64(-1, [pid 5541] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5542] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5542] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5542] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5541] exit_group(0 [pid 5542] <... futex resumed>) = ? [pid 5541] <... exit_group resumed>) = ? [pid 5542] +++ exited with 0 +++ [pid 5543] +++ exited with 0 +++ [pid 5541] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5541, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 85.723491][ T5542] loop0: detected capacity change from 0 to 256 [ 85.733144][ T5542] exfat: Deprecated parameter 'utf8' [ 85.743164][ T5542] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5544 ./strace-static-x86_64: Process 5544 attached [pid 5544] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5544] chdir("./155") = 0 [pid 5544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5544] setpgid(0, 0) = 0 [pid 5544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5544] write(3, "1000", 4) = 4 [pid 5544] close(3) = 0 [pid 5544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5544] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5544] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5545 attached , parent_tid=[5545], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5545 [pid 5545] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5545] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5545] memfd_create("syzkaller", 0) = 3 [pid 5545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5545] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5545] munmap(0x7f2656609000, 131072) = 0 [pid 5545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5545] close(3) = 0 [pid 5545] mkdir("./file2", 0777) = 0 [pid 5545] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5545] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5545] chdir("./file2") = 0 [pid 5545] ioctl(4, LOOP_CLR_FD) = 0 [pid 5545] close(4) = 0 [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] <... openat resumed>) = 5 [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] write(4, "\x00\x00", 2) = 2 [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5545] <... mmap resumed>) = 0x20000000 [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] <... mmap resumed>) = 0x7f2656608000 [pid 5544] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5545] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... mprotect resumed>) = 0 [pid 5544] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5546 attached , parent_tid=[5546], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5546 [pid 5546] set_robust_list(0x7f26566289e0, 24 [pid 5544] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... set_robust_list resumed>) = 0 [pid 5544] <... futex resumed>) = 0 [pid 5544] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5546] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5546] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5546] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5544] <... futex resumed>) = 1 [pid 5544] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5545] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5545] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] <... futex resumed>) = 0 [pid 5545] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] exit_group(0 [pid 5545] <... futex resumed>) = ? [pid 5544] <... exit_group resumed>) = ? [pid 5545] +++ exited with 0 +++ [pid 5546] <... futex resumed>) = ? [pid 5546] +++ exited with 0 +++ [pid 5544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5544, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 [ 85.830538][ T5545] loop0: detected capacity change from 0 to 256 [ 85.839373][ T5545] exfat: Deprecated parameter 'utf8' [ 85.849479][ T5545] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./155/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5547 ./strace-static-x86_64: Process 5547 attached [pid 5547] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5547] chdir("./156") = 0 [pid 5547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5547] setpgid(0, 0) = 0 [pid 5547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5547] write(3, "1000", 4) = 4 [pid 5547] close(3) = 0 [pid 5547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5547] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5548 attached , parent_tid=[5548], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5548 [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] set_robust_list(0x7f265ea299e0, 24 [pid 5547] <... futex resumed>) = 0 [pid 5548] <... set_robust_list resumed>) = 0 [pid 5547] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5548] memfd_create("syzkaller", 0) = 3 [pid 5548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5548] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5548] munmap(0x7f2656609000, 131072) = 0 [pid 5548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5548] close(3) = 0 [pid 5548] mkdir("./file2", 0777) = 0 [pid 5548] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5548] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5548] chdir("./file2") = 0 [pid 5548] ioctl(4, LOOP_CLR_FD) = 0 [pid 5548] close(4) = 0 [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... futex resumed>) = 1 [pid 5548] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5548] write(4, "\x00\x00", 2 [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... write resumed>) = 2 [pid 5547] <... futex resumed>) = 0 [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5548] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5547] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... mmap resumed>) = 0x20000000 [pid 5547] <... futex resumed>) = 0 [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5548] <... futex resumed>) = 0 [pid 5547] <... mmap resumed>) = 0x7f2656608000 [pid 5548] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5547] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5549], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5549 [pid 5547] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5547] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5549 attached [pid 5549] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5549] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5549] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5549] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = 0 [pid 5547] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5548] getdents64(-1, [pid 5547] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5548] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5547] <... futex resumed>) = 0 [pid 5548] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5547] exit_group(0 [pid 5548] <... futex resumed>) = ? [pid 5547] <... exit_group resumed>) = ? [pid 5548] +++ exited with 0 +++ [pid 5549] <... futex resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5547] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5547, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 [ 85.956792][ T5548] loop0: detected capacity change from 0 to 256 [ 85.965821][ T5548] exfat: Deprecated parameter 'utf8' [ 85.979041][ T5548] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./156/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5550 ./strace-static-x86_64: Process 5550 attached [pid 5550] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5550] chdir("./157") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5550] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5551], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5551 [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5551 attached [pid 5551] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5551] memfd_create("syzkaller", 0) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5551] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5551] munmap(0x7f2656609000, 131072) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] mkdir("./file2", 0777) = 0 [pid 5551] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5551] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./file2") = 0 [pid 5551] ioctl(4, LOOP_CLR_FD) = 0 [pid 5551] close(4) = 0 [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5551] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... openat resumed>) = 4 [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 0 [pid 5551] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 1 [pid 5551] write(4, "\x00\x00", 2) = 2 [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5550] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5552 attached , parent_tid=[5552], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5552 [pid 5550] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 1 [pid 5551] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5552] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5551] <... mmap resumed>) = 0x20000000 [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5552] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5552] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 0 [pid 5551] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5551] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] exit_group(0) = ? [pid 5551] <... futex resumed>) = ? [pid 5552] <... futex resumed>) = ? [pid 5552] +++ exited with 0 +++ [pid 5551] +++ exited with 0 +++ [pid 5550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5550, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 umount2("./157/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 86.063129][ T5551] loop0: detected capacity change from 0 to 256 [ 86.071700][ T5551] exfat: Deprecated parameter 'utf8' [ 86.081558][ T5551] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./157/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5553 ./strace-static-x86_64: Process 5553 attached [pid 5553] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5553] chdir("./158") = 0 [pid 5553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5553] setpgid(0, 0) = 0 [pid 5553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5553] write(3, "1000", 4) = 4 [pid 5553] close(3) = 0 [pid 5553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5553] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5553] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5554 attached [pid 5554] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5553] <... clone resumed>, parent_tid=[5554], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5554 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5554] memfd_create("syzkaller", 0) = 3 [pid 5554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5554] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5554] munmap(0x7f2656609000, 131072) = 0 [pid 5554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5554] close(3) = 0 [pid 5554] mkdir("./file2", 0777) = 0 [pid 5554] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5554] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5554] chdir("./file2") = 0 [pid 5554] ioctl(4, LOOP_CLR_FD) = 0 [pid 5554] close(4) = 0 [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5554] <... futex resumed>) = 1 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... openat resumed>) = 4 [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5554] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... openat resumed>) = 5 [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5554] <... futex resumed>) = 1 [pid 5554] write(4, "\x00\x00", 2 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... write resumed>) = 2 [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5553] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5554] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5553] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5555 attached [pid 5555] set_robust_list(0x7f26566289e0, 24 [pid 5553] <... clone resumed>, parent_tid=[5555], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5555 [pid 5553] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... set_robust_list resumed>) = 0 [pid 5553] <... futex resumed>) = 0 [pid 5555] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5553] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... mmap resumed>) = 0x20000000 [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... openat resumed>) = 6 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5553] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5553] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... futex resumed>) = 1 [pid 5555] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5554] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5553] exit_group(0) = ? [pid 5555] <... futex resumed>) = ? [pid 5555] +++ exited with 0 +++ [pid 5554] +++ exited with 0 +++ [pid 5553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5553, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 [ 86.195665][ T5554] loop0: detected capacity change from 0 to 256 [ 86.204974][ T5554] exfat: Deprecated parameter 'utf8' [ 86.216493][ T5554] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./158/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5556 ./strace-static-x86_64: Process 5556 attached [pid 5556] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5556] chdir("./159") = 0 [pid 5556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5556] setpgid(0, 0) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5556] write(3, "1000", 4) = 4 [pid 5556] close(3) = 0 [pid 5556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5556] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5557], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5557 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5557 attached [pid 5557] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5557] memfd_create("syzkaller", 0) = 3 [pid 5557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5557] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5557] munmap(0x7f2656609000, 131072) = 0 [pid 5557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5557] close(3) = 0 [pid 5557] mkdir("./file2", 0777) = 0 [pid 5557] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5557] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5557] chdir("./file2") = 0 [pid 5557] ioctl(4, LOOP_CLR_FD) = 0 [pid 5557] close(4) = 0 [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... openat resumed>) = 4 [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... openat resumed>) = 5 [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = 0 [pid 5557] write(4, "\x00\x00", 2) = 2 [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5556] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5558], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5558 ./strace-static-x86_64: Process 5558 attached [pid 5556] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = 1 [pid 5557] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5558] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5557] <... mmap resumed>) = 0x20000000 [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5558] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5558] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... futex resumed>) = 0 [pid 5557] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5557] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5556] exit_group(0) = ? [pid 5557] <... futex resumed>) = ? [pid 5557] +++ exited with 0 +++ [pid 5558] <... futex resumed>) = ? [pid 5558] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5556, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 86.300131][ T5557] loop0: detected capacity change from 0 to 256 [ 86.305769][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 86.309218][ T5557] exfat: Deprecated parameter 'utf8' [ 86.327551][ T5557] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 umount2("./159/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5559 attached [pid 5559] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5559 [pid 5559] <... set_robust_list resumed>) = 0 [pid 5559] chdir("./160") = 0 [pid 5559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5559] setpgid(0, 0) = 0 [pid 5559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5559] write(3, "1000", 4) = 4 [pid 5559] close(3) = 0 [pid 5559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5559] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5560], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5560 [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5560] memfd_create("syzkaller", 0) = 3 [pid 5560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5560] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5560] munmap(0x7f2656609000, 131072) = 0 [pid 5560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5560] close(3) = 0 [pid 5560] mkdir("./file2", 0777) = 0 [pid 5560] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5560] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5560] chdir("./file2") = 0 [pid 5560] ioctl(4, LOOP_CLR_FD) = 0 [pid 5560] close(4) = 0 [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] <... futex resumed>) = 0 [pid 5560] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... openat resumed>) = 4 [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] <... futex resumed>) = 0 [pid 5560] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... openat resumed>) = 5 [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] <... futex resumed>) = 0 [pid 5560] write(4, "\x00\x00", 2 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... write resumed>) = 2 [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] <... futex resumed>) = 0 [pid 5560] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5559] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... mmap resumed>) = 0x20000000 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5560] <... futex resumed>) = 0 [pid 5559] <... mmap resumed>) = 0x7f2656608000 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5561 attached , parent_tid=[5561], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5561 [pid 5561] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5561] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5561] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5561] openat(AT_FDCWD, "", O_RDONLY [pid 5559] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5561] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5561] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5559] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5560] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5559] exit_group(0 [pid 5560] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] <... exit_group resumed>) = ? [pid 5560] <... futex resumed>) = ? [pid 5561] <... futex resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5560] +++ exited with 0 +++ [pid 5559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5559, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 umount2("./160/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 86.418661][ T5560] loop0: detected capacity change from 0 to 256 [ 86.427823][ T5560] exfat: Deprecated parameter 'utf8' [ 86.437702][ T5560] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./160/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5562 ./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5562] chdir("./161") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5562] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5563], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5563 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5563 attached [pid 5563] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5563] memfd_create("syzkaller", 0) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5563] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5563] munmap(0x7f2656609000, 131072) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] mkdir("./file2", 0777) = 0 [pid 5563] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5563] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./file2") = 0 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] write(4, "\x00\x00", 2 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... write resumed>) = 2 [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5563] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5562] <... mmap resumed>) = 0x7f2656608000 [pid 5562] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] <... mmap resumed>) = 0x20000000 [pid 5562] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... clone resumed>, parent_tid=[5564], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5564 [pid 5562] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5564 attached [pid 5564] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5564] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5564] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5564] <... futex resumed>) = 1 [pid 5563] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] exit_group(0 [pid 5563] <... futex resumed>) = ? [pid 5562] <... exit_group resumed>) = ? [pid 5563] +++ exited with 0 +++ [ 86.528311][ T5563] loop0: detected capacity change from 0 to 256 [ 86.538630][ T5563] exfat: Deprecated parameter 'utf8' [ 86.549895][ T5563] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5564] <... futex resumed>) = ? [pid 5564] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5565 ./strace-static-x86_64: Process 5565 attached [pid 5565] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5565] chdir("./162") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5565] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5566 attached , parent_tid=[5566], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5566 [pid 5566] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5566] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5566] <... futex resumed>) = 0 [pid 5566] memfd_create("syzkaller", 0 [pid 5565] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5566] <... memfd_create resumed>) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5566] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5566] munmap(0x7f2656609000, 131072) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] mkdir("./file2", 0777) = 0 [pid 5566] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5566] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./file2") = 0 [pid 5566] ioctl(4, LOOP_CLR_FD) = 0 [pid 5566] close(4) = 0 [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5565] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... openat resumed>) = 4 [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... openat resumed>) = 5 [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] write(4, "\x00\x00", 2 [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... write resumed>) = 2 [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] <... mmap resumed>) = 0x20000000 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] <... mmap resumed>) = 0x7f2656608000 [pid 5566] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5567], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5567 ./strace-static-x86_64: Process 5567 attached [pid 5567] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5567] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5567] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5567] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5567] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5565] <... futex resumed>) = 1 [pid 5566] getdents64(-1, [pid 5565] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5566] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5566] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] exit_group(0) = ? [pid 5566] <... futex resumed>) = ? [pid 5567] <... futex resumed>) = ? [pid 5567] +++ exited with 0 +++ [pid 5566] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5565, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 86.679773][ T5566] loop0: detected capacity change from 0 to 256 [ 86.688405][ T5566] exfat: Deprecated parameter 'utf8' [ 86.699822][ T5566] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./162/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5568 ./strace-static-x86_64: Process 5568 attached [pid 5568] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5568] chdir("./163") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5568] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5569], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5569 [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5569 attached [pid 5569] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5569] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5569] munmap(0x7f2656609000, 131072) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] mkdir("./file2", 0777) = 0 [pid 5569] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5569] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./file2") = 0 [pid 5569] ioctl(4, LOOP_CLR_FD) = 0 [pid 5569] close(4) = 0 [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... openat resumed>) = 4 [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5569] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5568] <... futex resumed>) = 1 [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... openat resumed>) = 5 [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] write(4, "\x00\x00", 2) = 2 [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5569] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5569] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] exit_group(0) = ? [pid 5569] <... futex resumed>) = ? [pid 5569] +++ exited with 0 +++ [pid 5568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5568, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 [ 86.797293][ T5569] loop0: detected capacity change from 0 to 256 [ 86.805621][ T5569] exfat: Deprecated parameter 'utf8' [ 86.816654][ T5569] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./163/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5570 ./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5570] chdir("./164") = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5570] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5570] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5571 attached [pid 5571] set_robust_list(0x7f265ea299e0, 24 [pid 5570] <... clone resumed>, parent_tid=[5571], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5571 [pid 5571] <... set_robust_list resumed>) = 0 [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5571] memfd_create("syzkaller", 0) = 3 [pid 5571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5571] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5571] munmap(0x7f2656609000, 131072) = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5571] close(3) = 0 [pid 5571] mkdir("./file2", 0777) = 0 [pid 5571] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5571] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5571] chdir("./file2") = 0 [pid 5571] ioctl(4, LOOP_CLR_FD) = 0 [pid 5571] close(4) = 0 [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... openat resumed>) = 4 [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... openat resumed>) = 5 [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] write(4, "\x00\x00", 2 [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] <... write resumed>) = 2 [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... futex resumed>) = 0 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] <... futex resumed>) = 0 [pid 5571] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5570] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] <... mmap resumed>) = 0x20000000 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... mmap resumed>) = 0x7f2656608000 [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5572], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5572 ./strace-static-x86_64: Process 5572 attached [pid 5570] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5572] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5572] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5572] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5572] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = 0 [pid 5570] <... futex resumed>) = 1 [pid 5571] getdents64(-1, [pid 5570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] exit_group(0 [pid 5572] <... futex resumed>) = ? [pid 5571] <... futex resumed>) = ? [pid 5570] <... exit_group resumed>) = ? [pid 5572] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5570, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 umount2("./164/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 86.917680][ T5571] loop0: detected capacity change from 0 to 256 [ 86.929487][ T5571] exfat: Deprecated parameter 'utf8' [ 86.940556][ T5571] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./164/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5573 ./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5573] chdir("./165") = 0 [pid 5573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5573] setpgid(0, 0) = 0 [pid 5573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5573] write(3, "1000", 4) = 4 [pid 5573] close(3) = 0 [pid 5573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5573] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5573] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5574 attached , parent_tid=[5574], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5574 [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5574] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5574] memfd_create("syzkaller", 0) = 3 [pid 5574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5574] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5574] munmap(0x7f2656609000, 131072) = 0 [pid 5574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5574] close(3) = 0 [pid 5574] mkdir("./file2", 0777) = 0 [pid 5574] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5574] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5574] chdir("./file2") = 0 [pid 5574] ioctl(4, LOOP_CLR_FD) = 0 [pid 5574] close(4) = 0 [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5573] <... futex resumed>) = 0 [pid 5573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... openat resumed>) = 4 [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5574] <... futex resumed>) = 1 [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] <... futex resumed>) = 0 [pid 5574] write(4, "\x00\x00", 2 [pid 5573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... write resumed>) = 2 [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] <... futex resumed>) = 0 [pid 5574] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5573] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] <... futex resumed>) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5573] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5575 attached , parent_tid=[5575], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5575 [pid 5573] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5575] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5575] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5575] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5575] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5574] getdents64(-1, [pid 5573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] exit_group(0 [pid 5574] <... futex resumed>) = ? [pid 5575] <... futex resumed>) = ? [pid 5573] <... exit_group resumed>) = ? [pid 5574] +++ exited with 0 +++ [pid 5575] +++ exited with 0 +++ [pid 5573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5573, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 [ 87.040337][ T5574] loop0: detected capacity change from 0 to 256 [ 87.050968][ T5574] exfat: Deprecated parameter 'utf8' [ 87.061774][ T5574] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./165/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5576 ./strace-static-x86_64: Process 5576 attached [pid 5576] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5576] chdir("./166") = 0 [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5576] setpgid(0, 0) = 0 [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5576] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5576] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5577 attached , parent_tid=[5577], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5577 [pid 5577] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5577] memfd_create("syzkaller", 0) = 3 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5577] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5577] munmap(0x7f2656609000, 131072) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5577] close(3) = 0 [pid 5577] mkdir("./file2", 0777) = 0 [pid 5577] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5577] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5577] chdir("./file2") = 0 [pid 5577] ioctl(4, LOOP_CLR_FD) = 0 [pid 5577] close(4) = 0 [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5577] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... openat resumed>) = 4 [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5576] <... futex resumed>) = 0 [pid 5577] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... openat resumed>) = 5 [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] write(4, "\x00\x00", 2 [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... write resumed>) = 2 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... mmap resumed>) = 0x20000000 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5576] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5578 attached [pid 5578] set_robust_list(0x7f26566289e0, 24 [pid 5576] <... clone resumed>, parent_tid=[5578], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5578 [pid 5578] <... set_robust_list resumed>) = 0 [pid 5576] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5576] <... futex resumed>) = 0 [pid 5578] openat(AT_FDCWD, "", O_RDONLY [pid 5576] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5578] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5578] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5577] getdents64(-1, [pid 5576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5577] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5576] exit_group(0 [pid 5578] <... futex resumed>) = ? [pid 5577] <... futex resumed>) = ? [pid 5576] <... exit_group resumed>) = ? [pid 5578] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5576, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 [ 87.183935][ T5577] loop0: detected capacity change from 0 to 256 [ 87.193770][ T5577] exfat: Deprecated parameter 'utf8' [ 87.203257][ T5577] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5579 ./strace-static-x86_64: Process 5579 attached [pid 5579] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5579] chdir("./167") = 0 [pid 5579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5579] setpgid(0, 0) = 0 [pid 5579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5579] write(3, "1000", 4) = 4 [pid 5579] close(3) = 0 [pid 5579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5579] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5579] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5580], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5580 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5580 attached [pid 5580] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5580] memfd_create("syzkaller", 0) = 3 [pid 5580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5580] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5580] munmap(0x7f2656609000, 131072) = 0 [pid 5580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5580] close(3) = 0 [pid 5580] mkdir("./file2", 0777) = 0 [pid 5580] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5580] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5580] chdir("./file2") = 0 [pid 5580] ioctl(4, LOOP_CLR_FD) = 0 [pid 5580] close(4) = 0 [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] write(4, "\x00\x00", 2) = 2 [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5580] <... mmap resumed>) = 0x20000000 [pid 5579] <... mmap resumed>) = 0x7f2656608000 [pid 5579] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... mprotect resumed>) = 0 [pid 5579] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5581 attached [pid 5580] <... futex resumed>) = 0 [pid 5579] <... clone resumed>, parent_tid=[5581], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5581 [pid 5579] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] set_robust_list(0x7f26566289e0, 24 [pid 5580] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... set_robust_list resumed>) = 0 [pid 5581] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5581] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5581] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] <... futex resumed>) = 0 [pid 5580] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5581] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5580] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5579] exit_group(0 [pid 5580] <... futex resumed>) = ? [pid 5579] <... exit_group resumed>) = ? [pid 5580] +++ exited with 0 +++ [pid 5581] <... futex resumed>) = ? [pid 5581] +++ exited with 0 +++ [pid 5579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5579, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 [ 87.302805][ T5580] loop0: detected capacity change from 0 to 256 [ 87.313402][ T5580] exfat: Deprecated parameter 'utf8' [ 87.323914][ T5580] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./167/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5582 ./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5582] chdir("./168") = 0 [pid 5582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5582] setpgid(0, 0) = 0 [pid 5582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5582] write(3, "1000", 4) = 4 [pid 5582] close(3) = 0 [pid 5582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5582] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5582] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5583 attached , parent_tid=[5583], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5583 [pid 5583] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5583] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5583] memfd_create("syzkaller", 0) = 3 [pid 5583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5583] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5583] munmap(0x7f2656609000, 131072) = 0 [pid 5583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5583] close(3) = 0 [pid 5583] mkdir("./file2", 0777) = 0 [pid 5583] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5583] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5583] chdir("./file2") = 0 [pid 5583] ioctl(4, LOOP_CLR_FD) = 0 [pid 5583] close(4) = 0 [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5582] <... futex resumed>) = 0 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... openat resumed>) = 4 [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5582] <... futex resumed>) = 0 [pid 5583] <... openat resumed>) = 5 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] write(4, "\x00\x00", 2 [pid 5582] <... futex resumed>) = 0 [pid 5583] <... write resumed>) = 2 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5583] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... mmap resumed>) = 0x20000000 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = 0 [pid 5582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5583] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] <... mmap resumed>) = 0x7f2656608000 [pid 5582] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5582] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5584] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] <... clone resumed>, parent_tid=[5584], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5584 [pid 5582] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... futex resumed>) = 0 [pid 5584] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5584] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5584] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = 0 [pid 5582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = 1 [pid 5582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] getdents64(-1, [pid 5584] <... futex resumed>) = 1 [pid 5583] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5584] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] exit_group(0 [pid 5583] <... futex resumed>) = ? [pid 5582] <... exit_group resumed>) = ? [pid 5583] +++ exited with 0 +++ [pid 5584] <... futex resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5582, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 87.416060][ T5583] loop0: detected capacity change from 0 to 256 [ 87.424775][ T5583] exfat: Deprecated parameter 'utf8' [ 87.434748][ T5583] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./168/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5585 ./strace-static-x86_64: Process 5585 attached [pid 5585] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5585] chdir("./169") = 0 [pid 5585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5585] setpgid(0, 0) = 0 [pid 5585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5585] write(3, "1000", 4) = 4 [pid 5585] close(3) = 0 [pid 5585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5585] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5585] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5586 attached , parent_tid=[5586], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5586 [pid 5586] set_robust_list(0x7f265ea299e0, 24 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... set_robust_list resumed>) = 0 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5586] memfd_create("syzkaller", 0) = 3 [pid 5586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5586] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5586] munmap(0x7f2656609000, 131072) = 0 [pid 5586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5586] close(3) = 0 [pid 5586] mkdir("./file2", 0777) = 0 [pid 5586] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5586] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5586] chdir("./file2") = 0 [pid 5586] ioctl(4, LOOP_CLR_FD) = 0 [pid 5586] close(4) = 0 [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... futex resumed>) = 1 [pid 5586] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] write(4, "\x00\x00", 2) = 2 [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5586] <... mmap resumed>) = 0x20000000 [pid 5585] <... mmap resumed>) = 0x7f2656608000 [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... mprotect resumed>) = 0 [pid 5585] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x7f26566289e0, 24 [pid 5585] <... clone resumed>, parent_tid=[5587], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5587 [pid 5587] <... set_robust_list resumed>) = 0 [pid 5585] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5585] <... futex resumed>) = 0 [pid 5587] openat(AT_FDCWD, "", O_RDONLY [pid 5585] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5587] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... futex resumed>) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] exit_group(0 [pid 5587] <... futex resumed>) = ? [pid 5586] <... futex resumed>) = ? [pid 5585] <... exit_group resumed>) = ? [pid 5586] +++ exited with 0 +++ [pid 5587] +++ exited with 0 +++ [pid 5585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5585, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 [ 87.535380][ T5586] loop0: detected capacity change from 0 to 256 [ 87.544138][ T5586] exfat: Deprecated parameter 'utf8' [ 87.553866][ T5586] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5588] chdir("./170") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5588] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5589], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5589 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5589 attached [pid 5589] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5589] memfd_create("syzkaller", 0) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5589] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5589] munmap(0x7f2656609000, 131072) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5589] close(3) = 0 [pid 5589] mkdir("./file2", 0777) = 0 [pid 5589] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5589] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5589] chdir("./file2") = 0 [pid 5589] ioctl(4, LOOP_CLR_FD) = 0 [pid 5589] close(4) = 0 [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 1 [pid 5589] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 1 [pid 5589] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 1 [pid 5589] write(4, "\x00\x00", 2) = 2 [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5588] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5590], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5590 [pid 5588] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 1 [pid 5589] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5590 attached [pid 5590] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5590] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5590] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5590] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... futex resumed>) = 0 [pid 5589] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] exit_group(0 [pid 5589] <... futex resumed>) = ? [pid 5588] <... exit_group resumed>) = ? [pid 5589] +++ exited with 0 +++ [pid 5590] <... futex resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 umount2("./170/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 87.634909][ T5589] loop0: detected capacity change from 0 to 256 [ 87.640660][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 87.644602][ T5589] exfat: Deprecated parameter 'utf8' [ 87.663063][ T5589] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./170/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5591 ./strace-static-x86_64: Process 5591 attached [pid 5591] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5591] chdir("./171") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5591] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5592], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5592 [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5592 attached [pid 5592] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5592] memfd_create("syzkaller", 0) = 3 [pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5592] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5592] munmap(0x7f2656609000, 131072) = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5592] close(3) = 0 [pid 5592] mkdir("./file2", 0777) = 0 [pid 5592] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5592] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5592] chdir("./file2") = 0 [pid 5592] ioctl(4, LOOP_CLR_FD) = 0 [pid 5592] close(4) = 0 [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5592] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] <... futex resumed>) = 0 [pid 5592] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... openat resumed>) = 4 [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5592] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5592] write(4, "\x00\x00", 2) = 2 [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5591] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5593 attached , parent_tid=[5593], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5593 [pid 5591] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5592] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5593] set_robust_list(0x7f26566289e0, 24 [pid 5592] <... mmap resumed>) = 0x20000000 [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... set_robust_list resumed>) = 0 [pid 5593] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5593] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5593] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 0 [pid 5592] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5591] exit_group(0) = ? [pid 5592] +++ exited with 0 +++ [pid 5593] <... futex resumed>) = ? [pid 5593] +++ exited with 0 +++ [pid 5591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5591, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 umount2("./171/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5594 [ 87.757503][ T5592] loop0: detected capacity change from 0 to 256 [ 87.767322][ T5592] exfat: Deprecated parameter 'utf8' [ 87.778945][ T5592] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5594 attached [pid 5594] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5594] chdir("./172") = 0 [pid 5594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5594] setpgid(0, 0) = 0 [pid 5594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5594] write(3, "1000", 4) = 4 [pid 5594] close(3) = 0 [pid 5594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5594] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5594] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5595], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5595 ./strace-static-x86_64: Process 5595 attached [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5595] memfd_create("syzkaller", 0) = 3 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5595] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5595] munmap(0x7f2656609000, 131072) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5595] close(3) = 0 [pid 5595] mkdir("./file2", 0777) = 0 [pid 5595] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5595] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5595] chdir("./file2") = 0 [pid 5595] ioctl(4, LOOP_CLR_FD) = 0 [pid 5595] close(4) = 0 [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... openat resumed>) = 4 [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... futex resumed>) = 1 [pid 5595] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... futex resumed>) = 1 [pid 5595] write(4, "\x00\x00", 2) = 2 [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5594] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5596 attached , parent_tid=[5596], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5596 [pid 5594] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... futex resumed>) = 1 [pid 5595] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5596] set_robust_list(0x7f26566289e0, 24 [pid 5595] <... mmap resumed>) = 0x20000000 [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... set_robust_list resumed>) = 0 [pid 5596] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5596] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5596] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = 0 [pid 5594] <... futex resumed>) = 1 [pid 5596] <... futex resumed>) = 1 [pid 5595] getdents64(-1, [pid 5594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] exit_group(0 [pid 5596] <... futex resumed>) = ? [pid 5595] <... futex resumed>) = ? [pid 5594] <... exit_group resumed>) = ? [pid 5596] +++ exited with 0 +++ [pid 5595] +++ exited with 0 +++ [pid 5594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5594, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 87.875695][ T5595] loop0: detected capacity change from 0 to 256 [ 87.884957][ T5595] exfat: Deprecated parameter 'utf8' [ 87.895735][ T5595] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5597 ./strace-static-x86_64: Process 5597 attached [pid 5597] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5597] chdir("./173") = 0 [pid 5597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5597] setpgid(0, 0) = 0 [pid 5597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5597] write(3, "1000", 4) = 4 [pid 5597] close(3) = 0 [pid 5597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5597] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5597] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5598], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5598 [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5598 attached ) = 0 [pid 5598] set_robust_list(0x7f265ea299e0, 24 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5598] <... set_robust_list resumed>) = 0 [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5598] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5598] munmap(0x7f2656609000, 131072) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5598] close(3) = 0 [pid 5598] mkdir("./file2", 0777) = 0 [pid 5598] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5598] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] chdir("./file2") = 0 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = 1 [pid 5598] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... openat resumed>) = 4 [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = 1 [pid 5598] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... openat resumed>) = 5 [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5598] <... futex resumed>) = 1 [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] write(4, "\x00\x00", 2 [pid 5597] <... futex resumed>) = 0 [pid 5598] <... write resumed>) = 2 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] <... futex resumed>) = 0 [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5598] <... mmap resumed>) = 0x20000000 [pid 5597] <... mmap resumed>) = 0x7f2656608000 [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5598] <... futex resumed>) = 0 [pid 5597] <... mprotect resumed>) = 0 [pid 5598] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5600 attached , parent_tid=[5600], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5600 [pid 5600] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5600] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5600] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5600] openat(AT_FDCWD, "", O_RDONLY [pid 5597] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5600] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... futex resumed>) = 0 [pid 5600] <... futex resumed>) = 1 [pid 5600] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5598] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5597] exit_group(0) = ? [pid 5600] <... futex resumed>) = ? [pid 5598] +++ exited with 0 +++ [pid 5600] +++ exited with 0 +++ [pid 5597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5597, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 [ 87.982976][ T5598] loop0: detected capacity change from 0 to 256 [ 87.994364][ T5598] exfat: Deprecated parameter 'utf8' [ 88.005378][ T5598] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./173/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5601 ./strace-static-x86_64: Process 5601 attached [pid 5601] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5601] chdir("./174") = 0 [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5601] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5602 attached , parent_tid=[5602], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5602 [pid 5602] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5602] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] memfd_create("syzkaller", 0) = 3 [pid 5602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... mmap resumed>) = 0x7f2656609000 [pid 5601] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5602] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5602] munmap(0x7f2656609000, 131072) = 0 [pid 5602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5602] close(3) = 0 [pid 5602] mkdir("./file2", 0777) = 0 [pid 5602] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5602] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5602] chdir("./file2") = 0 [pid 5602] ioctl(4, LOOP_CLR_FD) = 0 [pid 5602] close(4) = 0 [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... openat resumed>) = 5 [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] write(4, "\x00\x00", 2 [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... write resumed>) = 2 [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5601] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5602] <... mmap resumed>) = 0x20000000 [pid 5601] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... mprotect resumed>) = 0 [pid 5602] <... futex resumed>) = 0 [pid 5601] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5602] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] <... clone resumed>, parent_tid=[5603], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5603 ./strace-static-x86_64: Process 5603 attached [pid 5601] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] set_robust_list(0x7f26566289e0, 24 [pid 5601] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... set_robust_list resumed>) = 0 [pid 5603] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5603] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5603] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5603] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5601] <... futex resumed>) = 1 [pid 5602] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5601] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] exit_group(0) = ? [pid 5602] <... futex resumed>) = ? [pid 5603] <... futex resumed>) = ? [pid 5602] +++ exited with 0 +++ [pid 5603] +++ exited with 0 +++ [pid 5601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5601, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 umount2("./174/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 88.109216][ T5602] loop0: detected capacity change from 0 to 256 [ 88.118328][ T5602] exfat: Deprecated parameter 'utf8' [ 88.128790][ T5602] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./174/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5604 attached , child_tidptr=0x555556b3a6d0) = 5604 [pid 5604] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5604] chdir("./175") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5604] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5605 attached , parent_tid=[5605], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5605 [pid 5605] set_robust_list(0x7f265ea299e0, 24 [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] <... set_robust_list resumed>) = 0 [pid 5605] memfd_create("syzkaller", 0 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] <... memfd_create resumed>) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5605] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5605] munmap(0x7f2656609000, 131072) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./file2", 0777) = 0 [pid 5605] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5605] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./file2") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5605] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] <... futex resumed>) = 0 [pid 5605] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... openat resumed>) = 5 [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] write(4, "\x00\x00", 2 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... write resumed>) = 2 [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5605] <... mmap resumed>) = 0x20000000 [pid 5604] <... mmap resumed>) = 0x7f2656608000 [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5605] <... futex resumed>) = 0 [pid 5604] <... mprotect resumed>) = 0 [pid 5605] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5606 attached , parent_tid=[5606], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5606 [pid 5606] set_robust_list(0x7f26566289e0, 24 [pid 5604] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... set_robust_list resumed>) = 0 [pid 5604] <... futex resumed>) = 0 [pid 5606] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5606] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5606] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5605] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5605] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5604] exit_group(0 [pid 5605] <... futex resumed>) = ? [pid 5604] <... exit_group resumed>) = ? [pid 5606] <... futex resumed>) = ? [pid 5606] +++ exited with 0 +++ [pid 5605] +++ exited with 0 +++ [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 [ 88.234963][ T5605] loop0: detected capacity change from 0 to 256 [ 88.243816][ T5605] exfat: Deprecated parameter 'utf8' [ 88.253705][ T5605] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./175/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached , child_tidptr=0x555556b3a6d0) = 5607 [pid 5607] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5607] chdir("./176") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5607] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5608], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5608 ./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5608] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5608] memfd_create("syzkaller", 0) = 3 [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5608] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5608] munmap(0x7f2656609000, 131072) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] mkdir("./file2", 0777) = 0 [pid 5608] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5608] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./file2") = 0 [pid 5608] ioctl(4, LOOP_CLR_FD) = 0 [pid 5608] close(4) = 0 [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... openat resumed>) = 5 [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] write(4, "\x00\x00", 2 [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... write resumed>) = 2 [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5608] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5607] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5608] <... mmap resumed>) = 0x20000000 [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] <... mmap resumed>) = 0x7f2656608000 [pid 5608] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5609 attached , parent_tid=[5609], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5609 [pid 5609] set_robust_list(0x7f26566289e0, 24 [pid 5607] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... set_robust_list resumed>) = 0 [pid 5607] <... futex resumed>) = 0 [pid 5609] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5607] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5609] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5609] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 0 [pid 5608] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5608] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] exit_group(0) = ? [pid 5609] <... futex resumed>) = ? [pid 5608] <... futex resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 [ 88.367222][ T5608] loop0: detected capacity change from 0 to 256 [ 88.375641][ T5608] exfat: Deprecated parameter 'utf8' [ 88.386055][ T5608] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./176/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5610 attached [pid 5610] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5610 [pid 5610] <... set_robust_list resumed>) = 0 [pid 5610] chdir("./177") = 0 [pid 5610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5610] setpgid(0, 0) = 0 [pid 5610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5610] write(3, "1000", 4) = 4 [pid 5610] close(3) = 0 [pid 5610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5610] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5610] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5611 attached , parent_tid=[5611], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5611 [pid 5611] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5611] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5611] memfd_create("syzkaller", 0) = 3 [pid 5611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5611] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5611] munmap(0x7f2656609000, 131072) = 0 [pid 5611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5611] close(3) = 0 [pid 5611] mkdir("./file2", 0777) = 0 [pid 5611] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5611] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5611] chdir("./file2") = 0 [pid 5611] ioctl(4, LOOP_CLR_FD) = 0 [pid 5611] close(4) = 0 [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] <... openat resumed>) = 4 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... openat resumed>) = 5 [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] write(4, "\x00\x00", 2 [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... write resumed>) = 2 [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... futex resumed>) = 0 [pid 5610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... mmap resumed>) = 0x20000000 [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5610] <... futex resumed>) = 0 [pid 5611] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5610] <... futex resumed>) = 0 [pid 5611] getdents64(-1, [pid 5610] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5610] <... futex resumed>) = 0 [pid 5611] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... futex resumed>) = 0 [pid 5610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] exit_group(0 [pid 5611] <... futex resumed>) = ? [pid 5610] <... exit_group resumed>) = ? [pid 5611] +++ exited with 0 +++ [pid 5610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5610, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5612 [ 88.493023][ T5611] loop0: detected capacity change from 0 to 256 [ 88.501918][ T5611] exfat: Deprecated parameter 'utf8' [ 88.512884][ T5611] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5612 attached [pid 5612] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5612] chdir("./178") = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3) = 0 [pid 5612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5612] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5612] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5613], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5613 [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5613 attached [pid 5613] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5613] memfd_create("syzkaller", 0) = 3 [pid 5613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5613] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5613] munmap(0x7f2656609000, 131072) = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5613] close(3) = 0 [pid 5613] mkdir("./file2", 0777) = 0 [pid 5613] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5613] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5613] chdir("./file2") = 0 [pid 5613] ioctl(4, LOOP_CLR_FD) = 0 [pid 5613] close(4) = 0 [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... openat resumed>) = 4 [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 1 [pid 5613] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... openat resumed>) = 5 [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] write(4, "\x00\x00", 2 [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... write resumed>) = 2 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5613] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... mmap resumed>) = 0x20000000 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5612] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5614 attached [pid 5614] set_robust_list(0x7f26566289e0, 24 [pid 5612] <... clone resumed>, parent_tid=[5614], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5614 [pid 5614] <... set_robust_list resumed>) = 0 [pid 5612] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5612] <... futex resumed>) = 0 [pid 5614] openat(AT_FDCWD, "", O_RDONLY [pid 5612] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5614] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5614] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 1 [pid 5613] getdents64(-1, [pid 5612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] exit_group(0 [pid 5614] <... futex resumed>) = ? [pid 5613] <... futex resumed>) = ? [pid 5612] <... exit_group resumed>) = ? [pid 5614] +++ exited with 0 +++ [pid 5613] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5612, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.600281][ T5613] loop0: detected capacity change from 0 to 256 [ 88.610560][ T5613] exfat: Deprecated parameter 'utf8' [ 88.621298][ T5613] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./178/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5615 ./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5615] chdir("./179") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5615] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5616 attached , parent_tid=[5616], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5616 [pid 5616] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5616] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5616] memfd_create("syzkaller", 0) = 3 [pid 5616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5616] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5616] munmap(0x7f2656609000, 131072) = 0 [pid 5616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5616] close(3) = 0 [pid 5616] mkdir("./file2", 0777) = 0 [pid 5616] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5616] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5616] chdir("./file2") = 0 [pid 5616] ioctl(4, LOOP_CLR_FD) = 0 [pid 5616] close(4) = 0 [pid 5616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... futex resumed>) = 1 [pid 5616] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... futex resumed>) = 1 [pid 5616] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... futex resumed>) = 1 [pid 5616] write(4, "\x00\x00", 2) = 2 [pid 5616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5615] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5617 attached [pid 5617] set_robust_list(0x7f26566289e0, 24 [pid 5615] <... clone resumed>, parent_tid=[5617], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5617 [pid 5617] <... set_robust_list resumed>) = 0 [pid 5615] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... openat resumed>) = 6 [pid 5617] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5617] getdents64(6, [pid 5615] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5615] <... futex resumed>) = 0 [pid 5617] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = 1 [pid 5616] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] exit_group(0) = ? [pid 5616] <... futex resumed>) = ? [pid 5616] +++ exited with 0 +++ [pid 5617] <... futex resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5615, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 [ 88.716277][ T5616] loop0: detected capacity change from 0 to 256 [ 88.725102][ T5616] exfat: Deprecated parameter 'utf8' [ 88.737451][ T5616] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5618 ./strace-static-x86_64: Process 5618 attached [pid 5618] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5618] chdir("./180") = 0 [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5618] write(3, "1000", 4) = 4 [pid 5618] close(3) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5618] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5619], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5619 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5619 attached [pid 5619] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5619] memfd_create("syzkaller", 0) = 3 [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5619] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5619] munmap(0x7f2656609000, 131072) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5619] close(3) = 0 [pid 5619] mkdir("./file2", 0777) = 0 [pid 5619] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5619] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5619] chdir("./file2") = 0 [pid 5619] ioctl(4, LOOP_CLR_FD) = 0 [pid 5619] close(4) = 0 [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 1 [pid 5619] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 1 [pid 5619] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 1 [pid 5619] write(4, "\x00\x00", 2) = 2 [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5618] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5620], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5620 [pid 5618] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 1 [pid 5619] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5620 attached [pid 5620] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5620] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5620] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5620] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5619] <... futex resumed>) = 0 [pid 5619] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5618] exit_group(0) = ? [pid 5619] <... futex resumed>) = ? [pid 5619] +++ exited with 0 +++ [pid 5620] <... futex resumed>) = ? [pid 5620] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5618, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 88.817500][ T5619] loop0: detected capacity change from 0 to 256 [ 88.823800][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 88.827607][ T5619] exfat: Deprecated parameter 'utf8' [ 88.845079][ T5619] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./180/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5621 ./strace-static-x86_64: Process 5621 attached [pid 5621] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5621] chdir("./181") = 0 [pid 5621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5621] setpgid(0, 0) = 0 [pid 5621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5621] write(3, "1000", 4) = 4 [pid 5621] close(3) = 0 [pid 5621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5621] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5621] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5621] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5622 attached , parent_tid=[5622], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5622 [pid 5622] set_robust_list(0x7f265ea299e0, 24 [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5622] <... set_robust_list resumed>) = 0 [pid 5622] memfd_create("syzkaller", 0) = 3 [pid 5622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5622] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5622] munmap(0x7f2656609000, 131072) = 0 [pid 5622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5622] close(3) = 0 [pid 5622] mkdir("./file2", 0777) = 0 [pid 5622] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5622] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5622] chdir("./file2") = 0 [pid 5622] ioctl(4, LOOP_CLR_FD) = 0 [pid 5622] close(4) = 0 [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... openat resumed>) = 5 [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5622] write(4, "\x00\x00", 2 [pid 5621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... write resumed>) = 2 [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5622] <... mmap resumed>) = 0x20000000 [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] <... mmap resumed>) = 0x7f2656608000 [pid 5622] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5621] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5623 attached , parent_tid=[5623], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5623 [pid 5623] set_robust_list(0x7f26566289e0, 24 [pid 5621] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... set_robust_list resumed>) = 0 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5623] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5623] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5623] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5622] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] <... futex resumed>) = 0 [pid 5621] exit_group(0 [pid 5622] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] <... exit_group resumed>) = ? [pid 5622] <... futex resumed>) = ? [pid 5623] <... futex resumed>) = ? [pid 5623] +++ exited with 0 +++ [pid 5622] +++ exited with 0 +++ [pid 5621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5621, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 [ 88.935853][ T5622] loop0: detected capacity change from 0 to 256 [ 88.945134][ T5622] exfat: Deprecated parameter 'utf8' [ 88.955765][ T5622] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./181/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5624 ./strace-static-x86_64: Process 5624 attached [pid 5624] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5624] chdir("./182") = 0 [pid 5624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5624] setpgid(0, 0) = 0 [pid 5624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5624] write(3, "1000", 4) = 4 [pid 5624] close(3) = 0 [pid 5624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5624] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5624] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5624] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5625 attached [pid 5625] set_robust_list(0x7f265ea299e0, 24 [pid 5624] <... clone resumed>, parent_tid=[5625], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5625 [pid 5625] <... set_robust_list resumed>) = 0 [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5625] memfd_create("syzkaller", 0) = 3 [pid 5625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5625] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5625] munmap(0x7f2656609000, 131072) = 0 [pid 5625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5625] close(3) = 0 [pid 5625] mkdir("./file2", 0777) = 0 [pid 5625] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5625] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5625] chdir("./file2") = 0 [pid 5625] ioctl(4, LOOP_CLR_FD) = 0 [pid 5625] close(4) = 0 [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... openat resumed>) = 4 [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] write(4, "\x00\x00", 2) = 2 [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... mmap resumed>) = 0x20000000 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] <... mmap resumed>) = 0x7f2656608000 [pid 5624] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5624] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5626 attached , parent_tid=[5626], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5626 [pid 5626] set_robust_list(0x7f26566289e0, 24 [pid 5624] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... set_robust_list resumed>) = 0 [pid 5624] <... futex resumed>) = 0 [pid 5626] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5624] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5626] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5626] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 0 [pid 5624] <... futex resumed>) = 1 [pid 5625] getdents64(-1, [pid 5624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5624] <... futex resumed>) = 0 [pid 5625] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5624] exit_group(0 [pid 5626] <... futex resumed>) = ? [pid 5625] <... futex resumed>) = ? [pid 5624] <... exit_group resumed>) = ? [pid 5625] +++ exited with 0 +++ [pid 5626] +++ exited with 0 +++ [pid 5624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5624, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 89.057794][ T5625] loop0: detected capacity change from 0 to 256 [ 89.068322][ T5625] exfat: Deprecated parameter 'utf8' [ 89.078912][ T5625] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 umount2("./182/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5627 ./strace-static-x86_64: Process 5627 attached [pid 5627] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5627] chdir("./183") = 0 [pid 5627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5627] setpgid(0, 0) = 0 [pid 5627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5627] write(3, "1000", 4) = 4 [pid 5627] close(3) = 0 [pid 5627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5627] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5628 attached , parent_tid=[5628], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5628 [pid 5628] set_robust_list(0x7f265ea299e0, 24 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... set_robust_list resumed>) = 0 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5628] memfd_create("syzkaller", 0) = 3 [pid 5628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5628] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5628] munmap(0x7f2656609000, 131072) = 0 [pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5628] close(3) = 0 [pid 5628] mkdir("./file2", 0777) = 0 [pid 5628] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5628] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5628] chdir("./file2") = 0 [pid 5628] ioctl(4, LOOP_CLR_FD) = 0 [pid 5628] close(4) = 0 [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] write(4, "\x00\x00", 2) = 2 [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5628] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5627] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5629 attached [pid 5629] set_robust_list(0x7f26566289e0, 24 [pid 5627] <... clone resumed>, parent_tid=[5629], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5629 [pid 5629] <... set_robust_list resumed>) = 0 [pid 5627] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... mmap resumed>) = 0x20000000 [pid 5627] <... futex resumed>) = 0 [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 0 [pid 5629] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5628] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5629] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5629] <... futex resumed>) = 1 [pid 5629] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5628] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5628] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] exit_group(0 [pid 5628] <... futex resumed>) = ? [pid 5627] <... exit_group resumed>) = ? [pid 5628] +++ exited with 0 +++ [pid 5629] <... futex resumed>) = ? [pid 5629] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5627, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./183/binderfs") = 0 umount2("./183/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 89.188434][ T5628] loop0: detected capacity change from 0 to 256 [ 89.198434][ T5628] exfat: Deprecated parameter 'utf8' [ 89.209284][ T5628] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./183/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5630 ./strace-static-x86_64: Process 5630 attached [pid 5630] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5630] chdir("./184") = 0 [pid 5630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5630] setpgid(0, 0) = 0 [pid 5630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5630] write(3, "1000", 4) = 4 [pid 5630] close(3) = 0 [pid 5630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5630] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5630] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5630] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5631 attached , parent_tid=[5631], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5631 [pid 5631] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] <... futex resumed>) = 0 [pid 5630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5631] memfd_create("syzkaller", 0) = 3 [pid 5631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5631] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5631] munmap(0x7f2656609000, 131072) = 0 [pid 5631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5631] close(3) = 0 [pid 5631] mkdir("./file2", 0777) = 0 [pid 5631] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5631] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5631] chdir("./file2") = 0 [pid 5631] ioctl(4, LOOP_CLR_FD) = 0 [pid 5631] close(4) = 0 [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5631] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... openat resumed>) = 4 [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] <... futex resumed>) = 0 [pid 5630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... futex resumed>) = 0 [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5631] write(4, "\x00\x00", 2 [pid 5630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... write resumed>) = 2 [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5630] <... futex resumed>) = 0 [pid 5631] <... mmap resumed>) = 0x20000000 [pid 5630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... mmap resumed>) = 0x7f2656608000 [pid 5630] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5631] <... futex resumed>) = 0 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] <... mprotect resumed>) = 0 [pid 5630] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5632 attached , parent_tid=[5632], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5632 [pid 5630] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] set_robust_list(0x7f26566289e0, 24 [pid 5630] <... futex resumed>) = 0 [pid 5632] <... set_robust_list resumed>) = 0 [pid 5630] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5632] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5632] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5632] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5632] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5631] getdents64(-1, [pid 5630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] exit_group(0 [pid 5631] <... futex resumed>) = ? [pid 5630] <... exit_group resumed>) = ? [pid 5631] +++ exited with 0 +++ [pid 5632] <... futex resumed>) = ? [pid 5632] +++ exited with 0 +++ [pid 5630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5630, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./184/binderfs") = 0 [ 89.320458][ T5631] loop0: detected capacity change from 0 to 256 [ 89.329630][ T5631] exfat: Deprecated parameter 'utf8' [ 89.340890][ T5631] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./184/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./184/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5633 ./strace-static-x86_64: Process 5633 attached [pid 5633] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5633] chdir("./185") = 0 [pid 5633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5633] setpgid(0, 0) = 0 [pid 5633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5633] write(3, "1000", 4) = 4 [pid 5633] close(3) = 0 [pid 5633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5633] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5634], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5634 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5634 attached [pid 5634] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5634] memfd_create("syzkaller", 0) = 3 [pid 5634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5634] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5634] munmap(0x7f2656609000, 131072) = 0 [pid 5634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5634] close(3) = 0 [pid 5634] mkdir("./file2", 0777) = 0 [pid 5634] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5634] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5634] chdir("./file2") = 0 [pid 5634] ioctl(4, LOOP_CLR_FD) = 0 [pid 5634] close(4) = 0 [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 1 [pid 5634] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 1 [pid 5634] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 1 [pid 5634] write(4, "\x00\x00", 2) = 2 [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5633] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5635], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5635 [pid 5633] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 1 [pid 5634] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5635 attached [pid 5635] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5635] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5635] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5635] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... futex resumed>) = 0 [pid 5634] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5633] exit_group(0) = ? [pid 5634] <... futex resumed>) = ? [pid 5634] +++ exited with 0 +++ [pid 5635] +++ exited with 0 +++ [pid 5633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5633, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./185/binderfs") = 0 umount2("./185/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./185/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 89.420638][ T5634] loop0: detected capacity change from 0 to 256 [ 89.430630][ T5634] exfat: Deprecated parameter 'utf8' [ 89.442128][ T5634] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5636 ./strace-static-x86_64: Process 5636 attached [pid 5636] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5636] chdir("./186") = 0 [pid 5636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5636] setpgid(0, 0) = 0 [pid 5636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5636] write(3, "1000", 4) = 4 [pid 5636] close(3) = 0 [pid 5636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5636] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5636] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5636] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5637], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5637 [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5637 attached [pid 5637] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5637] memfd_create("syzkaller", 0) = 3 [pid 5637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5637] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5637] munmap(0x7f2656609000, 131072) = 0 [pid 5637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5637] close(3) = 0 [pid 5637] mkdir("./file2", 0777) = 0 [pid 5637] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5637] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5637] chdir("./file2") = 0 [pid 5637] ioctl(4, LOOP_CLR_FD) = 0 [pid 5637] close(4) = 0 [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = 1 [pid 5637] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... openat resumed>) = 4 [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... openat resumed>) = 5 [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... futex resumed>) = 1 [pid 5637] write(4, "\x00\x00", 2) = 2 [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5636] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5636] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5638 attached , parent_tid=[5638], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5638 [pid 5636] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... futex resumed>) = 1 [pid 5637] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5638] set_robust_list(0x7f26566289e0, 24 [pid 5637] <... mmap resumed>) = 0x20000000 [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... set_robust_list resumed>) = 0 [pid 5638] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5638] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5638] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5637] getdents64(-1, [pid 5636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... futex resumed>) = 1 [pid 5637] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5638] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] <... futex resumed>) = 0 [pid 5637] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5636] exit_group(0 [pid 5638] <... futex resumed>) = ? [pid 5637] <... futex resumed>) = ? [pid 5636] <... exit_group resumed>) = ? [pid 5638] +++ exited with 0 +++ [pid 5637] +++ exited with 0 +++ [pid 5636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5636, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./186/binderfs") = 0 [ 89.548537][ T5637] loop0: detected capacity change from 0 to 256 [ 89.557760][ T5637] exfat: Deprecated parameter 'utf8' [ 89.569218][ T5637] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./186/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./186/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5639 ./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5639] chdir("./187") = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5639] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5639] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5640], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5640 [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5640 attached [pid 5640] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5640] memfd_create("syzkaller", 0) = 3 [pid 5640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5640] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5640] munmap(0x7f2656609000, 131072) = 0 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5640] close(3) = 0 [pid 5640] mkdir("./file2", 0777) = 0 [pid 5640] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5640] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5640] chdir("./file2") = 0 [pid 5640] ioctl(4, LOOP_CLR_FD) = 0 [pid 5640] close(4) = 0 [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5640] <... futex resumed>) = 1 [pid 5640] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... openat resumed>) = 4 [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5640] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] <... openat resumed>) = 5 [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] write(4, "\x00\x00", 2 [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... write resumed>) = 2 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5640] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... mmap resumed>) = 0x20000000 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5640] <... futex resumed>) = 0 [pid 5640] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... mmap resumed>) = 0x7f2656608000 [pid 5639] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5641 attached , parent_tid=[5641], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5641 [pid 5641] set_robust_list(0x7f26566289e0, 24 [pid 5639] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... set_robust_list resumed>) = 0 [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5641] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5641] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5641] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5640] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5640] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] exit_group(0) = ? [pid 5640] <... futex resumed>) = ? [pid 5641] <... futex resumed>) = ? [pid 5641] +++ exited with 0 +++ [pid 5640] +++ exited with 0 +++ [pid 5639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5639, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./187/binderfs") = 0 umount2("./187/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./187/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 89.676958][ T5640] loop0: detected capacity change from 0 to 256 [ 89.685744][ T5640] exfat: Deprecated parameter 'utf8' [ 89.695142][ T5640] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./187/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5642 ./strace-static-x86_64: Process 5642 attached [pid 5642] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5642] chdir("./188") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5642] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5643 attached , parent_tid=[5643], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5643 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5643] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5643] memfd_create("syzkaller", 0) = 3 [pid 5643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5643] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5643] munmap(0x7f2656609000, 131072) = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5643] close(3) = 0 [pid 5643] mkdir("./file2", 0777) = 0 [pid 5643] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5643] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5643] chdir("./file2") = 0 [pid 5643] ioctl(4, LOOP_CLR_FD) = 0 [pid 5643] close(4) = 0 [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... openat resumed>) = 4 [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 1 [pid 5643] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 1 [pid 5643] write(4, "\x00\x00", 2) = 2 [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5642] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5644], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5644 [pid 5642] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 1 [pid 5643] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5644 attached [pid 5644] set_robust_list(0x7f26566289e0, 24 [pid 5643] <... mmap resumed>) = 0x20000000 [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... set_robust_list resumed>) = 0 [pid 5644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5644] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5644] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... futex resumed>) = 0 [pid 5643] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] exit_group(0) = ? [pid 5643] <... futex resumed>) = ? [pid 5644] <... futex resumed>) = ? [pid 5643] +++ exited with 0 +++ [pid 5644] +++ exited with 0 +++ [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./188/binderfs") = 0 [ 89.796944][ T5643] loop0: detected capacity change from 0 to 256 [ 89.806582][ T5643] exfat: Deprecated parameter 'utf8' [ 89.817745][ T5643] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./188/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./188/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5645 attached , child_tidptr=0x555556b3a6d0) = 5645 [pid 5645] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5645] chdir("./189") = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5645] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5646 attached [pid 5646] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5645] <... clone resumed>, parent_tid=[5646], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5646 [pid 5646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5646] memfd_create("syzkaller", 0) = 3 [pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5646] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5646] munmap(0x7f2656609000, 131072) = 0 [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5646] close(3) = 0 [pid 5646] mkdir("./file2", 0777) = 0 [pid 5646] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5646] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5646] chdir("./file2") = 0 [pid 5646] ioctl(4, LOOP_CLR_FD) = 0 [pid 5646] close(4) = 0 [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... futex resumed>) = 0 [pid 5646] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... openat resumed>) = 5 [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... futex resumed>) = 1 [pid 5646] write(4, "\x00\x00", 2) = 2 [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5645] <... futex resumed>) = 0 [pid 5646] <... mmap resumed>) = 0x20000000 [pid 5645] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5645] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... mprotect resumed>) = 0 [pid 5646] <... futex resumed>) = 0 [pid 5645] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5647 attached [pid 5645] <... clone resumed>, parent_tid=[5647], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5647 [pid 5645] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5647] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5647] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5647] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5647] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... futex resumed>) = 0 [pid 5645] <... futex resumed>) = 1 [pid 5646] getdents64(-1, [pid 5645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] exit_group(0 [pid 5647] <... futex resumed>) = ? [pid 5646] <... futex resumed>) = ? [pid 5645] <... exit_group resumed>) = ? [pid 5647] +++ exited with 0 +++ [pid 5646] +++ exited with 0 +++ [pid 5645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5645, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./189/binderfs") = 0 umount2("./189/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 89.919195][ T5646] loop0: detected capacity change from 0 to 256 [ 89.928168][ T5646] exfat: Deprecated parameter 'utf8' [ 89.939261][ T5646] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./189/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5648 ./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5648] chdir("./190") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5648] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5648] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5649 attached , parent_tid=[5649], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5649 [pid 5649] set_robust_list(0x7f265ea299e0, 24 [pid 5648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... set_robust_list resumed>) = 0 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5649] memfd_create("syzkaller", 0) = 3 [pid 5649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5649] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5649] munmap(0x7f2656609000, 131072) = 0 [pid 5649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5649] close(3) = 0 [pid 5649] mkdir("./file2", 0777) = 0 [pid 5649] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5649] chdir("./file2") = 0 [pid 5649] ioctl(4, LOOP_CLR_FD) = 0 [pid 5649] close(4) = 0 [pid 5649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... openat resumed>) = 4 [pid 5649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5649] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] <... openat resumed>) = 5 [pid 5649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] write(4, "\x00\x00", 2) = 2 [pid 5649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5648] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5648] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5650], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5650 [pid 5648] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5650 attached [pid 5648] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5650] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5649] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5650] <... openat resumed>) = 6 [pid 5650] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = 0 [pid 5648] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... futex resumed>) = 1 [pid 5649] <... mmap resumed>) = 0x20000000 [pid 5650] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5650] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... futex resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5650] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] exit_group(0) = ? [pid 5649] <... futex resumed>) = ? [pid 5650] <... futex resumed>) = ? [pid 5649] +++ exited with 0 +++ [pid 5650] +++ exited with 0 +++ [pid 5648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5648, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./190/binderfs") = 0 [ 90.057580][ T5649] loop0: detected capacity change from 0 to 256 [ 90.067499][ T5649] exfat: Deprecated parameter 'utf8' [ 90.078191][ T5649] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./190/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./190/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5651 ./strace-static-x86_64: Process 5651 attached [pid 5651] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5651] chdir("./191") = 0 [pid 5651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5651] setpgid(0, 0) = 0 [pid 5651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5651] write(3, "1000", 4) = 4 [pid 5651] close(3) = 0 [pid 5651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5651] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5651] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5651] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5652], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5652 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5652 attached ) = 0 [pid 5651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5652] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5652] memfd_create("syzkaller", 0) = 3 [pid 5652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5652] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5652] munmap(0x7f2656609000, 131072) = 0 [pid 5652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5652] close(3) = 0 [pid 5652] mkdir("./file2", 0777) = 0 [pid 5652] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5652] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5652] chdir("./file2") = 0 [pid 5652] ioctl(4, LOOP_CLR_FD) = 0 [pid 5652] close(4) = 0 [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] write(4, "\x00\x00", 2) = 2 [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5652] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5651] <... mmap resumed>) = 0x7f2656608000 [pid 5651] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5652] <... mmap resumed>) = 0x20000000 [pid 5651] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5653 attached [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... clone resumed>, parent_tid=[5653], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5653 [pid 5651] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] set_robust_list(0x7f26566289e0, 24 [pid 5652] <... futex resumed>) = 0 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5652] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5653] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5653] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] <... futex resumed>) = 0 [pid 5651] <... futex resumed>) = 1 [pid 5652] getdents64(-1, [pid 5651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5651] <... futex resumed>) = 0 [pid 5652] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] exit_group(0 [pid 5652] <... futex resumed>) = ? [pid 5651] <... exit_group resumed>) = ? [pid 5652] +++ exited with 0 +++ [pid 5653] <... futex resumed>) = ? [pid 5653] +++ exited with 0 +++ [pid 5651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5651, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./191/binderfs") = 0 [ 90.169648][ T5652] loop0: detected capacity change from 0 to 256 [ 90.179966][ T5652] exfat: Deprecated parameter 'utf8' [ 90.191044][ T5652] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./191/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./191/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5654 ./strace-static-x86_64: Process 5654 attached [pid 5654] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5654] chdir("./192") = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5654] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5655], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5655 [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5655 attached [pid 5655] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5655] memfd_create("syzkaller", 0) = 3 [pid 5655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5655] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5655] munmap(0x7f2656609000, 131072) = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5655] close(3) = 0 [pid 5655] mkdir("./file2", 0777) = 0 [pid 5655] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5655] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5655] chdir("./file2") = 0 [pid 5655] ioctl(4, LOOP_CLR_FD) = 0 [pid 5655] close(4) = 0 [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] <... futex resumed>) = 0 [pid 5655] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... openat resumed>) = 4 [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] <... futex resumed>) = 0 [pid 5655] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... openat resumed>) = 5 [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] <... futex resumed>) = 0 [pid 5655] write(4, "\x00\x00", 2 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] <... write resumed>) = 2 [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5655] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] <... futex resumed>) = 0 [pid 5655] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5654] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5655] <... mmap resumed>) = 0x20000000 [pid 5654] <... mmap resumed>) = 0x7f2656608000 [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5655] <... futex resumed>) = 0 [pid 5654] <... mprotect resumed>) = 0 [pid 5655] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5656], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5656 ./strace-static-x86_64: Process 5656 attached [pid 5656] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5656] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 0 [pid 5656] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5656] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5656] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 1 [pid 5656] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] <... futex resumed>) = 0 [pid 5655] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5654] exit_group(0) = ? [pid 5655] +++ exited with 0 +++ [pid 5656] <... futex resumed>) = ? [pid 5656] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5654, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./192/binderfs") = 0 [ 90.290009][ T5655] loop0: detected capacity change from 0 to 256 [ 90.299273][ T5655] exfat: Deprecated parameter 'utf8' [ 90.310909][ T5655] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./192/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./192/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5657 ./strace-static-x86_64: Process 5657 attached [pid 5657] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5657] chdir("./193") = 0 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5657] setpgid(0, 0) = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5657] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5658 attached [pid 5658] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... clone resumed>, parent_tid=[5658], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5658 [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [pid 5658] memfd_create("syzkaller", 0 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] <... memfd_create resumed>) = 3 [pid 5658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5658] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5658] munmap(0x7f2656609000, 131072) = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5658] close(3) = 0 [pid 5658] mkdir("./file2", 0777) = 0 [pid 5658] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5658] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5658] chdir("./file2") = 0 [pid 5658] ioctl(4, LOOP_CLR_FD) = 0 [pid 5658] close(4) = 0 [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5658] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... openat resumed>) = 5 [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5658] write(4, "\x00\x00", 2 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... write resumed>) = 2 [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5658] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5657] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... mmap resumed>) = 0x20000000 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... mmap resumed>) = 0x7f2656608000 [pid 5657] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5659 attached , parent_tid=[5659], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5659 [pid 5659] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5659] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5659] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5659] openat(AT_FDCWD, "", O_RDONLY [pid 5657] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5659] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5659] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5659] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 0 [pid 5658] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] exit_group(0) = ? [pid 5658] <... futex resumed>) = ? [pid 5659] <... futex resumed>) = ? [pid 5659] +++ exited with 0 +++ [pid 5658] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5657, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./193/binderfs") = 0 umount2("./193/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 90.410787][ T5658] loop0: detected capacity change from 0 to 256 [ 90.419667][ T5658] exfat: Deprecated parameter 'utf8' [ 90.430075][ T5658] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./193/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./193/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5660 attached [pid 5660] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5660] chdir("./194") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5660 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5660] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5661], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5661 [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5661 attached [pid 5661] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5661] memfd_create("syzkaller", 0) = 3 [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5661] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5661] munmap(0x7f2656609000, 131072) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5661] close(3) = 0 [pid 5661] mkdir("./file2", 0777) = 0 [pid 5661] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5661] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5661] chdir("./file2") = 0 [pid 5661] ioctl(4, LOOP_CLR_FD) = 0 [pid 5661] close(4) = 0 [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... futex resumed>) = 1 [pid 5661] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5661] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5661] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... futex resumed>) = 0 [pid 5661] write(4, "\x00\x00", 2) = 2 [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5660] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5662], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5662 ./strace-static-x86_64: Process 5662 attached [pid 5660] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... futex resumed>) = 1 [pid 5661] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5662] set_robust_list(0x7f26566289e0, 24 [pid 5661] <... mmap resumed>) = 0x20000000 [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5661] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... set_robust_list resumed>) = 0 [pid 5662] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5662] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5662] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5662] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 0 [pid 5660] <... futex resumed>) = 1 [pid 5661] getdents64(-1, [pid 5660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] exit_group(0 [pid 5662] <... futex resumed>) = ? [pid 5661] <... futex resumed>) = ? [pid 5660] <... exit_group resumed>) = ? [pid 5662] +++ exited with 0 +++ [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./194/binderfs") = 0 [ 90.522573][ T5661] loop0: detected capacity change from 0 to 256 [ 90.531916][ T5661] exfat: Deprecated parameter 'utf8' [ 90.542278][ T5661] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./194/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./194/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5663 ./strace-static-x86_64: Process 5663 attached [pid 5663] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5663] chdir("./195") = 0 [pid 5663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5663] setpgid(0, 0) = 0 [pid 5663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5663] write(3, "1000", 4) = 4 [pid 5663] close(3) = 0 [pid 5663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5663] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5663] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5664 attached , parent_tid=[5664], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5664 [pid 5664] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] <... futex resumed>) = 0 [pid 5664] memfd_create("syzkaller", 0) = 3 [pid 5664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5664] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5664] munmap(0x7f2656609000, 131072 [pid 5663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5664] <... munmap resumed>) = 0 [pid 5664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5664] close(3) = 0 [pid 5664] mkdir("./file2", 0777) = 0 [pid 5664] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5664] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5664] chdir("./file2") = 0 [pid 5664] ioctl(4, LOOP_CLR_FD) = 0 [pid 5664] close(4) = 0 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 0 [pid 5664] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 1 [pid 5664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 1 [pid 5664] write(4, "\x00\x00", 2) = 2 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5663] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5665], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5665 [pid 5663] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 1 [pid 5664] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5665 attached ) = 0x20000000 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5665] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5665] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5665] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = 1 [pid 5664] getdents64(-1, [pid 5663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5665] <... futex resumed>) = 1 [pid 5664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5665] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] <... futex resumed>) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] exit_group(0 [pid 5665] <... futex resumed>) = ? [pid 5664] <... futex resumed>) = ? [pid 5663] <... exit_group resumed>) = ? [pid 5665] +++ exited with 0 +++ [pid 5664] +++ exited with 0 +++ [pid 5663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5663, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./195/binderfs") = 0 [ 90.662415][ T5664] loop0: detected capacity change from 0 to 256 [ 90.672459][ T5664] exfat: Deprecated parameter 'utf8' [ 90.687028][ T5664] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./195/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./195/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5666 ./strace-static-x86_64: Process 5666 attached [pid 5666] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5666] chdir("./196") = 0 [pid 5666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5666] setpgid(0, 0) = 0 [pid 5666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5666] write(3, "1000", 4) = 4 [pid 5666] close(3) = 0 [pid 5666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5666] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5666] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5667], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5667 [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5667 attached [pid 5667] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5667] memfd_create("syzkaller", 0) = 3 [pid 5667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5667] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5667] munmap(0x7f2656609000, 131072) = 0 [pid 5667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5667] close(3) = 0 [pid 5667] mkdir("./file2", 0777) = 0 [pid 5667] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5667] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5667] chdir("./file2") = 0 [pid 5667] ioctl(4, LOOP_CLR_FD) = 0 [pid 5667] close(4) = 0 [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5666] <... futex resumed>) = 0 [pid 5667] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... openat resumed>) = 4 [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... openat resumed>) = 5 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] write(4, "\x00\x00", 2 [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... write resumed>) = 2 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... mmap resumed>) = 0x20000000 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5666] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5668 attached , parent_tid=[5668], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5668 [pid 5666] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5668] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5668] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5668] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5666] <... futex resumed>) = 1 [pid 5667] getdents64(-1, [pid 5666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5666] exit_group(0 [pid 5667] <... futex resumed>) = ? [pid 5666] <... exit_group resumed>) = ? [pid 5667] +++ exited with 0 +++ [pid 5668] +++ exited with 0 +++ [pid 5666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5666, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./196/binderfs") = 0 [ 90.786053][ T5667] loop0: detected capacity change from 0 to 256 [ 90.795901][ T5667] exfat: Deprecated parameter 'utf8' [ 90.807586][ T5667] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./196/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./196/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5669 attached , child_tidptr=0x555556b3a6d0) = 5669 [pid 5669] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5669] chdir("./197") = 0 [pid 5669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5669] setpgid(0, 0) = 0 [pid 5669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5669] write(3, "1000", 4) = 4 [pid 5669] close(3) = 0 [pid 5669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5669] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5670 attached , parent_tid=[5670], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5670 [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5670] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5670] memfd_create("syzkaller", 0) = 3 [pid 5670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5670] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5670] munmap(0x7f2656609000, 131072) = 0 [pid 5670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5670] close(3) = 0 [pid 5670] mkdir("./file2", 0777) = 0 [pid 5670] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5670] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5670] chdir("./file2") = 0 [pid 5670] ioctl(4, LOOP_CLR_FD) = 0 [pid 5670] close(4) = 0 [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5670] <... futex resumed>) = 1 [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... openat resumed>) = 5 [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5669] <... futex resumed>) = 0 [pid 5670] write(4, "\x00\x00", 2 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... write resumed>) = 2 [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5669] <... futex resumed>) = 0 [pid 5670] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5669] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5670] <... mmap resumed>) = 0x20000000 [pid 5669] <... mmap resumed>) = 0x7f2656608000 [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5670] <... futex resumed>) = 0 [pid 5669] <... mprotect resumed>) = 0 [pid 5670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5671 attached , parent_tid=[5671], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5671 [pid 5671] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5671] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... futex resumed>) = 0 [pid 5671] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5671] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5671] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] <... futex resumed>) = 1 [pid 5671] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... futex resumed>) = 0 [pid 5670] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5669] exit_group(0 [pid 5670] <... futex resumed>) = ? [pid 5669] <... exit_group resumed>) = ? [pid 5671] <... futex resumed>) = ? [pid 5670] +++ exited with 0 +++ [pid 5671] +++ exited with 0 +++ [pid 5669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5669, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./197/binderfs") = 0 umount2("./197/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./197/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 90.912660][ T5670] loop0: detected capacity change from 0 to 256 [ 90.921109][ T5670] exfat: Deprecated parameter 'utf8' [ 90.932681][ T5670] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5672 ./strace-static-x86_64: Process 5672 attached [pid 5672] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5672] chdir("./198") = 0 [pid 5672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5672] setpgid(0, 0) = 0 [pid 5672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5672] write(3, "1000", 4) = 4 [pid 5672] close(3) = 0 [pid 5672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5672] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5672] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5673 attached , parent_tid=[5673], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5673 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5673] memfd_create("syzkaller", 0) = 3 [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5673] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5673] munmap(0x7f2656609000, 131072) = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5673] close(3) = 0 [pid 5673] mkdir("./file2", 0777) = 0 [pid 5673] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5673] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5673] chdir("./file2") = 0 [pid 5673] ioctl(4, LOOP_CLR_FD) = 0 [pid 5673] close(4) = 0 [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... openat resumed>) = 4 [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... openat resumed>) = 5 [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] write(4, "\x00\x00", 2) = 2 [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5672] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5674], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5674 [pid 5672] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5674 attached [pid 5672] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] set_robust_list(0x7f26566289e0, 24 [pid 5673] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5674] <... set_robust_list resumed>) = 0 [pid 5674] openat(AT_FDCWD, "", O_RDONLY [pid 5673] <... mmap resumed>) = 0x20000000 [pid 5674] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5674] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5673] <... futex resumed>) = 0 [pid 5672] <... futex resumed>) = 0 [pid 5673] getdents64(-1, [pid 5672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] exit_group(0 [pid 5673] <... futex resumed>) = ? [pid 5672] <... exit_group resumed>) = ? [pid 5673] +++ exited with 0 +++ [pid 5674] <... futex resumed>) = ? [ 91.040915][ T5673] loop0: detected capacity change from 0 to 256 [ 91.051114][ T5673] exfat: Deprecated parameter 'utf8' [ 91.062335][ T5673] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5674] +++ exited with 0 +++ [pid 5672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5672, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./198/binderfs") = 0 umount2("./198/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./198/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5675 ./strace-static-x86_64: Process 5675 attached [pid 5675] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5675] chdir("./199") = 0 [pid 5675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5675] setpgid(0, 0) = 0 [pid 5675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5675] write(3, "1000", 4) = 4 [pid 5675] close(3) = 0 [pid 5675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5675] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5675] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5676 attached , parent_tid=[5676], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5676 [pid 5676] set_robust_list(0x7f265ea299e0, 24 [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5676] <... set_robust_list resumed>) = 0 [pid 5676] memfd_create("syzkaller", 0) = 3 [pid 5676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5676] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5676] munmap(0x7f2656609000, 131072) = 0 [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5676] close(3) = 0 [pid 5676] mkdir("./file2", 0777) = 0 [pid 5676] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5676] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5676] chdir("./file2") = 0 [pid 5676] ioctl(4, LOOP_CLR_FD) = 0 [pid 5676] close(4) = 0 [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] <... futex resumed>) = 0 [pid 5676] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... openat resumed>) = 4 [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5676] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... openat resumed>) = 5 [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] <... futex resumed>) = 0 [pid 5676] write(4, "\x00\x00", 2 [pid 5675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... write resumed>) = 2 [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5675] <... futex resumed>) = 0 [pid 5676] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5675] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5676] <... mmap resumed>) = 0x20000000 [pid 5675] <... mmap resumed>) = 0x7f2656608000 [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5677 attached [pid 5677] set_robust_list(0x7f26566289e0, 24 [pid 5675] <... clone resumed>, parent_tid=[5677], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5677 [pid 5677] <... set_robust_list resumed>) = 0 [pid 5677] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5677] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5675] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5677] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5677] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5676] getdents64(-1, [pid 5675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] exit_group(0) = ? [pid 5676] <... futex resumed>) = ? [pid 5677] <... futex resumed>) = ? [pid 5676] +++ exited with 0 +++ [pid 5677] +++ exited with 0 +++ [pid 5675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5675, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./199/binderfs") = 0 umount2("./199/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.182046][ T5676] loop0: detected capacity change from 0 to 256 [ 91.190736][ T5676] exfat: Deprecated parameter 'utf8' [ 91.199687][ T5676] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./199/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./199/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5678 ./strace-static-x86_64: Process 5678 attached [pid 5678] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5678] chdir("./200") = 0 [pid 5678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5678] setpgid(0, 0) = 0 [pid 5678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5678] write(3, "1000", 4) = 4 [pid 5678] close(3) = 0 [pid 5678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5678] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5678] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5678] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5679], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5679 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5679 attached [pid 5679] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5679] memfd_create("syzkaller", 0) = 3 [pid 5679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5679] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5679] munmap(0x7f2656609000, 131072) = 0 [pid 5679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5679] close(3) = 0 [pid 5679] mkdir("./file2", 0777) = 0 [pid 5679] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5679] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5679] chdir("./file2") = 0 [pid 5679] ioctl(4, LOOP_CLR_FD) = 0 [pid 5679] close(4) = 0 [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] write(4, "\x00\x00", 2) = 2 [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5678] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5678] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5680], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5680 [pid 5678] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... futex resumed>) = 1 [pid 5679] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5679] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5680 attached [pid 5680] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5680] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5680] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5680] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5679] <... futex resumed>) = 0 [pid 5678] <... futex resumed>) = 1 [pid 5679] getdents64(-1, [pid 5678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5679] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] <... futex resumed>) = 1 [pid 5678] <... futex resumed>) = 0 [pid 5679] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5678] exit_group(0 [pid 5679] <... futex resumed>) = ? [pid 5678] <... exit_group resumed>) = ? [pid 5680] <... futex resumed>) = ? [pid 5679] +++ exited with 0 +++ [pid 5680] +++ exited with 0 +++ [pid 5678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5678, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./200/binderfs") = 0 umount2("./200/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.294861][ T5679] loop0: detected capacity change from 0 to 256 [ 91.305058][ T5679] exfat: Deprecated parameter 'utf8' [ 91.315260][ T5679] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./200/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./200/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5681 attached , child_tidptr=0x555556b3a6d0) = 5681 [pid 5681] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5681] chdir("./201") = 0 [pid 5681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5681] setpgid(0, 0) = 0 [pid 5681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5681] write(3, "1000", 4) = 4 [pid 5681] close(3) = 0 [pid 5681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5681] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5681] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5681] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5682 attached , parent_tid=[5682], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5682 [pid 5682] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] memfd_create("syzkaller", 0) = 3 [pid 5681] <... futex resumed>) = 0 [pid 5682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5682] <... mmap resumed>) = 0x7f2656609000 [pid 5682] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5682] munmap(0x7f2656609000, 131072) = 0 [pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5682] close(3) = 0 [pid 5682] mkdir("./file2", 0777) = 0 [pid 5682] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5682] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5682] chdir("./file2") = 0 [pid 5682] ioctl(4, LOOP_CLR_FD) = 0 [pid 5682] close(4) = 0 [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... openat resumed>) = 4 [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5682] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... openat resumed>) = 5 [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] write(4, "\x00\x00", 2 [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... write resumed>) = 2 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 0 [pid 5682] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5682] <... mmap resumed>) = 0x20000000 [pid 5681] <... mmap resumed>) = 0x7f2656608000 [pid 5681] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] <... mprotect resumed>) = 0 [pid 5681] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5683 attached , parent_tid=[5683], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5683 [pid 5683] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5683] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5683] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5683] openat(AT_FDCWD, "", O_RDONLY [pid 5681] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5683] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5681] <... futex resumed>) = 1 [pid 5682] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] exit_group(0 [pid 5682] <... futex resumed>) = ? [pid 5681] <... exit_group resumed>) = ? [pid 5682] +++ exited with 0 +++ [pid 5683] <... futex resumed>) = ? [pid 5683] +++ exited with 0 +++ [pid 5681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5681, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./201/binderfs") = 0 [ 91.417883][ T5682] loop0: detected capacity change from 0 to 256 [ 91.427903][ T5682] exfat: Deprecated parameter 'utf8' [ 91.437823][ T5682] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./201/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./201/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5684 ./strace-static-x86_64: Process 5684 attached [pid 5684] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5684] chdir("./202") = 0 [pid 5684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5684] setpgid(0, 0) = 0 [pid 5684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5684] write(3, "1000", 4) = 4 [pid 5684] close(3) = 0 [pid 5684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5684] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5684] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5684] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5685], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5685 [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5685 attached [pid 5685] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5685] memfd_create("syzkaller", 0) = 3 [pid 5685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5685] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5685] munmap(0x7f2656609000, 131072) = 0 [pid 5685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5685] close(3) = 0 [pid 5685] mkdir("./file2", 0777) = 0 [pid 5685] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5685] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5685] chdir("./file2") = 0 [pid 5685] ioctl(4, LOOP_CLR_FD) = 0 [pid 5685] close(4) = 0 [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] <... futex resumed>) = 0 [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] <... futex resumed>) = 0 [pid 5684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... openat resumed>) = 5 [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] write(4, "\x00\x00", 2 [pid 5684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... write resumed>) = 2 [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5685] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5684] <... mmap resumed>) = 0x7f2656608000 [pid 5684] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5685] <... mmap resumed>) = 0x20000000 [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] <... mprotect resumed>) = 0 [pid 5685] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5686], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5686 [pid 5684] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5684] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5686 attached [pid 5686] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5686] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5686] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5686] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = 0 [pid 5684] <... futex resumed>) = 1 [pid 5685] getdents64(-1, [pid 5684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] <... futex resumed>) = 0 [pid 5685] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5684] exit_group(0 [pid 5685] <... futex resumed>) = ? [pid 5684] <... exit_group resumed>) = ? [pid 5685] +++ exited with 0 +++ [pid 5686] +++ exited with 0 +++ [pid 5684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5684, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./202/binderfs") = 0 [ 91.519425][ T5685] loop0: detected capacity change from 0 to 256 [ 91.529905][ T5685] exfat: Deprecated parameter 'utf8' [ 91.540828][ T5685] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./202/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./202/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5687 attached , child_tidptr=0x555556b3a6d0) = 5687 [pid 5687] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5687] chdir("./203") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5687] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5688 attached , parent_tid=[5688], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5688 [pid 5688] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] memfd_create("syzkaller", 0) = 3 [pid 5688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5688] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5688] munmap(0x7f2656609000, 131072) = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5688] close(3) = 0 [pid 5688] mkdir("./file2", 0777) = 0 [pid 5688] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5688] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5688] chdir("./file2") = 0 [pid 5688] ioctl(4, LOOP_CLR_FD) = 0 [pid 5688] close(4) = 0 [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5688] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5688] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] <... futex resumed>) = 0 [pid 5688] write(4, "\x00\x00", 2 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... write resumed>) = 2 [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] <... futex resumed>) = 0 [pid 5688] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5687] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... mmap resumed>) = 0x20000000 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5688] <... futex resumed>) = 0 [pid 5687] <... mmap resumed>) = 0x7f2656608000 [pid 5688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5689], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5689 ./strace-static-x86_64: Process 5689 attached [pid 5689] set_robust_list(0x7f26566289e0, 24 [pid 5687] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... set_robust_list resumed>) = 0 [pid 5689] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5689] openat(AT_FDCWD, "", O_RDONLY [pid 5687] <... futex resumed>) = 0 [pid 5689] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5689] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] exit_group(0 [pid 5688] <... futex resumed>) = ? [pid 5687] <... exit_group resumed>) = ? [pid 5688] +++ exited with 0 +++ [pid 5689] <... futex resumed>) = ? [pid 5689] +++ exited with 0 +++ [pid 5687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5687, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./203/binderfs") = 0 umount2("./203/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./203/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 [ 91.653296][ T5688] loop0: detected capacity change from 0 to 256 [ 91.662347][ T5688] exfat: Deprecated parameter 'utf8' [ 91.672207][ T5688] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5690 ./strace-static-x86_64: Process 5690 attached [pid 5690] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5690] chdir("./204") = 0 [pid 5690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5690] setpgid(0, 0) = 0 [pid 5690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5690] write(3, "1000", 4) = 4 [pid 5690] close(3) = 0 [pid 5690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5690] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5690] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5690] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5691 attached [pid 5691] set_robust_list(0x7f265ea299e0, 24 [pid 5690] <... clone resumed>, parent_tid=[5691], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5691 [pid 5691] <... set_robust_list resumed>) = 0 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5691] memfd_create("syzkaller", 0) = 3 [pid 5691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5691] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5691] munmap(0x7f2656609000, 131072) = 0 [pid 5691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5691] close(3) = 0 [pid 5691] mkdir("./file2", 0777) = 0 [pid 5691] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5691] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5691] chdir("./file2") = 0 [pid 5691] ioctl(4, LOOP_CLR_FD) = 0 [pid 5691] close(4) = 0 [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 0 [pid 5690] <... futex resumed>) = 1 [pid 5691] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... openat resumed>) = 4 [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] <... openat resumed>) = 5 [pid 5690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5691] write(4, "\x00\x00", 2 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... write resumed>) = 2 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... futex resumed>) = 0 [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... mmap resumed>) = 0x20000000 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 0 [pid 5690] <... futex resumed>) = 0 [pid 5691] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5690] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5690] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5692], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5692 [pid 5690] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5692 attached [pid 5692] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5692] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5692] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5692] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 0 [pid 5690] <... futex resumed>) = 1 [pid 5691] getdents64(-1, [pid 5690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] <... futex resumed>) = 0 [pid 5692] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] exit_group(0 [pid 5691] <... futex resumed>) = ? [pid 5690] <... exit_group resumed>) = ? [pid 5692] <... futex resumed>) = ? [pid 5691] +++ exited with 0 +++ [pid 5692] +++ exited with 0 +++ [pid 5690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5690, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./204/binderfs") = 0 [ 91.770022][ T5691] loop0: detected capacity change from 0 to 256 [ 91.781044][ T5691] exfat: Deprecated parameter 'utf8' [ 91.793032][ T5691] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./204/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./204/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5693 ./strace-static-x86_64: Process 5693 attached [pid 5693] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5693] chdir("./205") = 0 [pid 5693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5693] setpgid(0, 0) = 0 [pid 5693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5693] write(3, "1000", 4) = 4 [pid 5693] close(3) = 0 [pid 5693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5693] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5693] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5694], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5694 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5694 attached [pid 5694] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5694] memfd_create("syzkaller", 0) = 3 [pid 5694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5694] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5694] munmap(0x7f2656609000, 131072) = 0 [pid 5694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5694] close(3) = 0 [pid 5694] mkdir("./file2", 0777) = 0 [pid 5694] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5694] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5694] chdir("./file2") = 0 [pid 5694] ioctl(4, LOOP_CLR_FD) = 0 [pid 5694] close(4) = 0 [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5694] <... futex resumed>) = 1 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5694] <... futex resumed>) = 1 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... openat resumed>) = 5 [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5694] <... futex resumed>) = 1 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] write(4, "\x00\x00", 2) = 2 [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5694] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5694] <... mmap resumed>) = 0x20000000 [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] <... mmap resumed>) = 0x7f2656608000 [pid 5693] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5694] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5693] <... mprotect resumed>) = 0 [pid 5693] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5695 attached , parent_tid=[5695], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5695 [pid 5695] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5695] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5693] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... futex resumed>) = 0 [pid 5695] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5695] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5695] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... futex resumed>) = 0 [pid 5694] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5693] exit_group(0) = ? [pid 5694] <... futex resumed>) = ? [pid 5694] +++ exited with 0 +++ [pid 5695] <... futex resumed>) = ? [pid 5695] +++ exited with 0 +++ [pid 5693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5693, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./205/binderfs") = 0 [ 91.873104][ T5694] loop0: detected capacity change from 0 to 256 [ 91.879070][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 91.882480][ T5694] exfat: Deprecated parameter 'utf8' [ 91.902755][ T5694] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./205/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./205/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5696 ./strace-static-x86_64: Process 5696 attached [pid 5696] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5696] chdir("./206") = 0 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5696] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5696] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5697 attached , parent_tid=[5697], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5697 [pid 5697] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5697] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5697] memfd_create("syzkaller", 0 [pid 5696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5697] <... memfd_create resumed>) = 3 [pid 5697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5697] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5697] munmap(0x7f2656609000, 131072) = 0 [pid 5697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5697] close(3) = 0 [pid 5697] mkdir("./file2", 0777) = 0 [pid 5697] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5697] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5697] chdir("./file2") = 0 [pid 5697] ioctl(4, LOOP_CLR_FD) = 0 [pid 5697] close(4) = 0 [pid 5697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 0 [pid 5697] <... futex resumed>) = 1 [pid 5696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... openat resumed>) = 4 [pid 5697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] write(4, "\x00\x00", 2) = 2 [pid 5697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5696] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5696] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5698 attached , parent_tid=[5698], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5698 [pid 5698] set_robust_list(0x7f26566289e0, 24 [pid 5696] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... set_robust_list resumed>) = 0 [pid 5696] <... futex resumed>) = 0 [pid 5698] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5696] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... mmap resumed>) = 0x20000000 [pid 5698] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5698] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] <... futex resumed>) = 0 [pid 5698] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5698] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] exit_group(0 [pid 5697] <... futex resumed>) = ? [pid 5696] <... exit_group resumed>) = ? [pid 5698] +++ exited with 0 +++ [pid 5697] +++ exited with 0 +++ [pid 5696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5696, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./206/binderfs") = 0 [ 92.027026][ T5697] loop0: detected capacity change from 0 to 256 [ 92.036554][ T5697] exfat: Deprecated parameter 'utf8' [ 92.047534][ T5697] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./206/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./206/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5699 ./strace-static-x86_64: Process 5699 attached [pid 5699] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5699] chdir("./207") = 0 [pid 5699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5699] setpgid(0, 0) = 0 [pid 5699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5699] write(3, "1000", 4) = 4 [pid 5699] close(3) = 0 [pid 5699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5699] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5699] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5700], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5700 [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5700 attached [pid 5700] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5700] memfd_create("syzkaller", 0) = 3 [pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5700] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5700] munmap(0x7f2656609000, 131072) = 0 [pid 5700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5700] close(3) = 0 [ 92.130852][ T5700] loop0: detected capacity change from 0 to 256 [ 92.137199][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 92.137295][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 92.137324][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [ 92.137398][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [pid 5700] mkdir("./file2", 0777) = 0 [pid 5700] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5700] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5700] chdir("./file2") = 0 [pid 5700] ioctl(4, LOOP_CLR_FD) = 0 [pid 5700] close(4) = 0 [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5700] <... futex resumed>) = 1 [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5700] <... futex resumed>) = 1 [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5699] <... futex resumed>) = 0 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] <... openat resumed>) = 5 [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] <... futex resumed>) = 0 [pid 5700] write(4, "\x00\x00", 2 [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] <... write resumed>) = 2 [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] <... futex resumed>) = 0 [pid 5700] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5699] <... futex resumed>) = 0 [pid 5700] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5699] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5700] <... mmap resumed>) = 0x20000000 [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5699] <... mmap resumed>) = 0x7f2656608000 [pid 5700] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5699] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5701 attached , parent_tid=[5701], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5701 [pid 5701] set_robust_list(0x7f26566289e0, 24 [pid 5699] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... set_robust_list resumed>) = 0 [pid 5699] <... futex resumed>) = 0 [pid 5701] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5699] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5701] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5701] <... futex resumed>) = 1 [pid 5699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] <... futex resumed>) = 1 [pid 5699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] <... futex resumed>) = 0 [pid 5700] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5700] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5699] exit_group(0) = ? [pid 5700] <... futex resumed>) = ? [pid 5700] +++ exited with 0 +++ [pid 5701] <... futex resumed>) = ? [pid 5701] +++ exited with 0 +++ [pid 5699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5699, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./207/binderfs") = 0 [ 92.174173][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [ 92.177055][ T5700] exfat: Deprecated parameter 'utf8' [ 92.192974][ T5700] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./207/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./207/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5702 ./strace-static-x86_64: Process 5702 attached [pid 5702] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5702] chdir("./208") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5702] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5703], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5703 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5703 attached [pid 5703] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5703] memfd_create("syzkaller", 0) = 3 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5703] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5703] munmap(0x7f2656609000, 131072) = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5703] close(3) = 0 [pid 5703] mkdir("./file2", 0777) = 0 [pid 5703] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5703] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5703] chdir("./file2") = 0 [pid 5703] ioctl(4, LOOP_CLR_FD) = 0 [pid 5703] close(4) = 0 [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5703] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... openat resumed>) = 4 [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] write(4, "\x00\x00", 2) = 2 [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5703] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5702] <... mmap resumed>) = 0x7f2656608000 [pid 5702] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5703] <... mmap resumed>) = 0x20000000 [pid 5702] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... clone resumed>, parent_tid=[5704], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5704 [pid 5702] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5704 attached [pid 5704] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5704] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5704] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5704] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5703] getdents64(-1, [pid 5704] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] exit_group(0) = ? [pid 5704] <... futex resumed>) = ? [pid 5703] +++ exited with 0 +++ [pid 5704] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./208/binderfs") = 0 [ 92.281529][ T5703] loop0: detected capacity change from 0 to 256 [ 92.290283][ T5703] exfat: Deprecated parameter 'utf8' [ 92.301291][ T5703] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./208/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./208/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5705 ./strace-static-x86_64: Process 5705 attached [pid 5705] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5705] chdir("./209") = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5705] setpgid(0, 0) = 0 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5705] write(3, "1000", 4) = 4 [pid 5705] close(3) = 0 [pid 5705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5705] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5705] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5706 attached , parent_tid=[5706], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5706 [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5706] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5706] memfd_create("syzkaller", 0) = 3 [pid 5706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5706] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5706] munmap(0x7f2656609000, 131072) = 0 [pid 5706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5706] close(3) = 0 [pid 5706] mkdir("./file2", 0777) = 0 [pid 5706] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5706] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5706] chdir("./file2") = 0 [pid 5706] ioctl(4, LOOP_CLR_FD) = 0 [pid 5706] close(4) = 0 [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5706] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] <... openat resumed>) = 4 [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5706] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... openat resumed>) = 5 [pid 5705] <... futex resumed>) = 0 [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5706] <... futex resumed>) = 0 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] write(4, "\x00\x00", 2) = 2 [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5706] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5705] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5706] <... mmap resumed>) = 0x20000000 [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] <... mmap resumed>) = 0x7f2656608000 [pid 5706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5705] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5707 attached , parent_tid=[5707], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5707 [pid 5707] set_robust_list(0x7f26566289e0, 24 [pid 5705] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... set_robust_list resumed>) = 0 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5707] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5707] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5707] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5706] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] exit_group(0 [pid 5706] <... futex resumed>) = ? [pid 5707] <... futex resumed>) = ? [pid 5705] <... exit_group resumed>) = ? [pid 5707] +++ exited with 0 +++ [pid 5706] +++ exited with 0 +++ [pid 5705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5705, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./209/binderfs") = 0 umount2("./209/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 92.414522][ T5706] loop0: detected capacity change from 0 to 256 [ 92.424268][ T5706] exfat: Deprecated parameter 'utf8' [ 92.434361][ T5706] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./209/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./209/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5708 ./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5708] chdir("./210") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5708] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5709 attached , parent_tid=[5709], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5709 [pid 5709] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5709] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] memfd_create("syzkaller", 0) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5709] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5709] munmap(0x7f2656609000, 131072) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] mkdir("./file2", 0777) = 0 [pid 5709] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5709] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./file2") = 0 [pid 5709] ioctl(4, LOOP_CLR_FD) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 4 [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] write(4, "\x00\x00", 2) = 2 [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5709] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5708] <... mmap resumed>) = 0x7f2656608000 [pid 5708] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5709] <... mmap resumed>) = 0x20000000 [pid 5708] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5710], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5710 [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5710 attached [pid 5710] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5710] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5710] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5710] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = 1 [pid 5709] getdents64(-1, [pid 5708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] exit_group(0) = ? [pid 5709] <... futex resumed>) = ? [pid 5710] <... futex resumed>) = ? [pid 5709] +++ exited with 0 +++ [pid 5710] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.548587][ T5709] loop0: detected capacity change from 0 to 256 [ 92.557536][ T5709] exfat: Deprecated parameter 'utf8' [ 92.568224][ T5709] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./210/binderfs") = 0 umount2("./210/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./210/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5711 ./strace-static-x86_64: Process 5711 attached [pid 5711] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5711] chdir("./211") = 0 [pid 5711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5711] setpgid(0, 0) = 0 [pid 5711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5711] write(3, "1000", 4) = 4 [pid 5711] close(3) = 0 [pid 5711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5711] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5711] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5711] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5712], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5712 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5712 attached [pid 5712] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5712] memfd_create("syzkaller", 0) = 3 [pid 5712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5712] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5712] munmap(0x7f2656609000, 131072) = 0 [pid 5712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5712] close(3) = 0 [pid 5712] mkdir("./file2", 0777) = 0 [pid 5712] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5712] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5712] chdir("./file2") = 0 [pid 5712] ioctl(4, LOOP_CLR_FD) = 0 [pid 5712] close(4) = 0 [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5712] <... openat resumed>) = 5 [pid 5711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5712] write(4, "\x00\x00", 2 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... write resumed>) = 2 [pid 5711] <... futex resumed>) = 0 [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5712] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... mmap resumed>) = 0x20000000 [pid 5711] <... futex resumed>) = 0 [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = 0 [pid 5712] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5711] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5711] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5713], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5713 [pid 5711] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5711] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5713] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5713] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5713] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5711] <... futex resumed>) = 0 [pid 5711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5711] <... futex resumed>) = 1 [pid 5712] getdents64(-1, [pid 5711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5711] <... futex resumed>) = 0 [pid 5712] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5711] exit_group(0 [pid 5712] <... futex resumed>) = ? [pid 5711] <... exit_group resumed>) = ? [pid 5712] +++ exited with 0 +++ [pid 5713] <... futex resumed>) = ? [pid 5713] +++ exited with 0 +++ [pid 5711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5711, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./211/binderfs") = 0 umount2("./211/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.667103][ T5712] loop0: detected capacity change from 0 to 256 [ 92.677289][ T5712] exfat: Deprecated parameter 'utf8' [ 92.688243][ T5712] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./211/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./211/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5714 ./strace-static-x86_64: Process 5714 attached [pid 5714] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5714] chdir("./212") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5714] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5715], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5715 [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5715 attached [pid 5715] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5715] memfd_create("syzkaller", 0) = 3 [pid 5715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5715] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5715] munmap(0x7f2656609000, 131072) = 0 [pid 5715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5715] close(3) = 0 [pid 5715] mkdir("./file2", 0777) = 0 [pid 5715] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5715] chdir("./file2") = 0 [pid 5715] ioctl(4, LOOP_CLR_FD) = 0 [pid 5715] close(4) = 0 [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... openat resumed>) = 4 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... openat resumed>) = 5 [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] write(4, "\x00\x00", 2 [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... write resumed>) = 2 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5715] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... mmap resumed>) = 0x20000000 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5715] <... futex resumed>) = 0 [pid 5714] <... mprotect resumed>) = 0 [pid 5715] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5716], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5716 [pid 5714] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5716 attached [pid 5716] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5716] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5716] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5716] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5716] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] getdents64(-1, [pid 5714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] exit_group(0 [pid 5716] <... futex resumed>) = ? [pid 5715] <... futex resumed>) = ? [pid 5714] <... exit_group resumed>) = ? [pid 5716] +++ exited with 0 +++ [pid 5715] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5714, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./212/binderfs") = 0 umount2("./212/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./212/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.790050][ T5715] loop0: detected capacity change from 0 to 256 [ 92.801005][ T5715] exfat: Deprecated parameter 'utf8' [ 92.812372][ T5715] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./212/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5717 ./strace-static-x86_64: Process 5717 attached [pid 5717] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5717] chdir("./213") = 0 [pid 5717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5717] setpgid(0, 0) = 0 [pid 5717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5717] write(3, "1000", 4) = 4 [pid 5717] close(3) = 0 [pid 5717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5717] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5717] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5717] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5718 attached , parent_tid=[5718], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5718 [pid 5718] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5718] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5718] memfd_create("syzkaller", 0) = 3 [pid 5718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5718] munmap(0x7f2656609000, 131072) = 0 [pid 5718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5718] close(3) = 0 [pid 5718] mkdir("./file2", 0777) = 0 [pid 5718] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5718] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5718] chdir("./file2") = 0 [pid 5718] ioctl(4, LOOP_CLR_FD) = 0 [pid 5718] close(4) = 0 [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5718] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... openat resumed>) = 5 [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5718] write(4, "\x00\x00", 2 [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... write resumed>) = 2 [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5718] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5718] <... mmap resumed>) = 0x20000000 [pid 5717] <... mmap resumed>) = 0x7f2656608000 [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5718] <... futex resumed>) = 0 [pid 5717] <... mprotect resumed>) = 0 [pid 5718] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5719], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5719 ./strace-static-x86_64: Process 5719 attached [pid 5719] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5719] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5717] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5719] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5719] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... futex resumed>) = 0 [pid 5719] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5717] <... futex resumed>) = 1 [pid 5718] getdents64(-1, [pid 5717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5717] <... futex resumed>) = 0 [pid 5717] exit_group(0) = ? [pid 5719] <... futex resumed>) = ? [pid 5719] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ [pid 5717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5717, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./213/binderfs") = 0 umount2("./213/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.901445][ T5718] loop0: detected capacity change from 0 to 256 [ 92.910369][ T5718] exfat: Deprecated parameter 'utf8' [ 92.920753][ T5718] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./213/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./213/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5720 ./strace-static-x86_64: Process 5720 attached [pid 5720] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5720] chdir("./214") = 0 [pid 5720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5720] setpgid(0, 0) = 0 [pid 5720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5720] write(3, "1000", 4) = 4 [pid 5720] close(3) = 0 [pid 5720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5720] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5720] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5720] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5721 attached , parent_tid=[5721], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5721 [pid 5720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5721] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5721] memfd_create("syzkaller", 0) = 3 [pid 5721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5721] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5721] munmap(0x7f2656609000, 131072) = 0 [pid 5721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5721] close(3) = 0 [pid 5721] mkdir("./file2", 0777) = 0 [pid 5721] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5721] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5721] chdir("./file2") = 0 [pid 5721] ioctl(4, LOOP_CLR_FD) = 0 [pid 5721] close(4) = 0 [pid 5721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] write(4, "\x00\x00", 2) = 2 [pid 5721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5720] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5721] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5720] <... mprotect resumed>) = 0 [pid 5720] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5722], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5722 ./strace-static-x86_64: Process 5722 attached [pid 5721] <... mmap resumed>) = 0x20000000 [pid 5720] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5722] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5722] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5722] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = 0 [pid 5720] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5720] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... futex resumed>) = 1 [pid 5722] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5722] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 1 [pid 5721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] exit_group(0) = ? [pid 5722] <... futex resumed>) = ? [pid 5722] +++ exited with 0 +++ [pid 5721] <... futex resumed>) = ? [pid 5721] +++ exited with 0 +++ [pid 5720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5720, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./214/binderfs") = 0 umount2("./214/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./214/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 93.030128][ T5721] loop0: detected capacity change from 0 to 256 [ 93.039895][ T5721] exfat: Deprecated parameter 'utf8' [ 93.050008][ T5721] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5723 ./strace-static-x86_64: Process 5723 attached [pid 5723] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5723] chdir("./215") = 0 [pid 5723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5723] setpgid(0, 0) = 0 [pid 5723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5723] write(3, "1000", 4) = 4 [pid 5723] close(3) = 0 [pid 5723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5723] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5723] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5723] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5724 attached , parent_tid=[5724], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5724 [pid 5724] set_robust_list(0x7f265ea299e0, 24 [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... set_robust_list resumed>) = 0 [pid 5723] <... futex resumed>) = 0 [pid 5724] memfd_create("syzkaller", 0 [pid 5723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5724] <... memfd_create resumed>) = 3 [pid 5724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5724] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5724] munmap(0x7f2656609000, 131072) = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5724] close(3) = 0 [pid 5724] mkdir("./file2", 0777) = 0 [pid 5724] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5724] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5724] chdir("./file2") = 0 [pid 5724] ioctl(4, LOOP_CLR_FD) = 0 [pid 5724] close(4) = 0 [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... futex resumed>) = 0 [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5724] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... openat resumed>) = 4 [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5723] <... futex resumed>) = 0 [pid 5724] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... openat resumed>) = 5 [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5723] <... futex resumed>) = 0 [pid 5724] write(4, "\x00\x00", 2 [pid 5723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... write resumed>) = 2 [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5723] <... futex resumed>) = 0 [pid 5724] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5723] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... mmap resumed>) = 0x20000000 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5724] <... futex resumed>) = 0 [pid 5723] <... mmap resumed>) = 0x7f2656608000 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5723] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5725], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5725 ./strace-static-x86_64: Process 5725 attached [pid 5723] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5725] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5725] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5725] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5725] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5724] getdents64(-1, [pid 5723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] exit_group(0 [pid 5725] <... futex resumed>) = ? [pid 5724] <... futex resumed>) = ? [pid 5723] <... exit_group resumed>) = ? [pid 5725] +++ exited with 0 +++ [pid 5724] +++ exited with 0 +++ [pid 5723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5723, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./215/binderfs") = 0 [ 93.149458][ T5724] loop0: detected capacity change from 0 to 256 [ 93.158556][ T5724] exfat: Deprecated parameter 'utf8' [ 93.169976][ T5724] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./215/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./215/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5726 ./strace-static-x86_64: Process 5726 attached [pid 5726] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5726] chdir("./216") = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5726] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5726] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5727 attached , parent_tid=[5727], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5727 [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5727] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5727] memfd_create("syzkaller", 0) = 3 [pid 5727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5727] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5727] munmap(0x7f2656609000, 131072) = 0 [pid 5727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5727] close(3) = 0 [pid 5727] mkdir("./file2", 0777) = 0 [pid 5727] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5727] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5727] chdir("./file2") = 0 [pid 5727] ioctl(4, LOOP_CLR_FD) = 0 [pid 5727] close(4) = 0 [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5727] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] <... openat resumed>) = 4 [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5727] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] <... openat resumed>) = 5 [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] write(4, "\x00\x00", 2) = 2 [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5727] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5727] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5726] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... mmap resumed>) = 0x20000000 [pid 5726] <... futex resumed>) = 0 [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5727] <... futex resumed>) = 0 [pid 5727] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] <... mmap resumed>) = 0x7f2656608000 [pid 5726] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5726] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5728], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5728 [pid 5726] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5728 attached [pid 5728] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5728] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5728] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5728] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5726] <... futex resumed>) = 1 [pid 5727] getdents64(-1, [pid 5726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5728] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] exit_group(0 [pid 5727] <... futex resumed>) = ? [pid 5726] <... exit_group resumed>) = ? [pid 5728] <... futex resumed>) = ? [pid 5727] +++ exited with 0 +++ [pid 5728] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./216/binderfs") = 0 [ 93.275575][ T5727] loop0: detected capacity change from 0 to 256 [ 93.286880][ T5727] exfat: Deprecated parameter 'utf8' [ 93.297357][ T5727] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./216/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./216/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5729 ./strace-static-x86_64: Process 5729 attached [pid 5729] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5729] chdir("./217") = 0 [pid 5729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5729] setpgid(0, 0) = 0 [pid 5729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5729] write(3, "1000", 4) = 4 [pid 5729] close(3) = 0 [pid 5729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5729] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5730], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5730 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5730 attached [pid 5730] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5730] memfd_create("syzkaller", 0) = 3 [pid 5730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5730] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5730] munmap(0x7f2656609000, 131072) = 0 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5730] close(3) = 0 [pid 5730] mkdir("./file2", 0777) = 0 [pid 5730] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5730] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5730] chdir("./file2") = 0 [pid 5730] ioctl(4, LOOP_CLR_FD) = 0 [pid 5730] close(4) = 0 [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... openat resumed>) = 5 [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] write(4, "\x00\x00", 2 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... write resumed>) = 2 [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5729] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5730] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5729] <... clone resumed>, parent_tid=[5731], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5731 [pid 5729] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] <... mmap resumed>) = 0x20000000 [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5731 attached [pid 5731] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5731] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5731] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5731] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [ 93.380977][ T5730] loop0: detected capacity change from 0 to 256 [ 93.388225][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 93.390853][ T5730] exfat: Deprecated parameter 'utf8' [ 93.410016][ T5730] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5730] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] exit_group(0) = ? [pid 5730] <... futex resumed>) = ? [pid 5730] +++ exited with 0 +++ [pid 5731] +++ exited with 0 +++ [pid 5729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5729, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./217/binderfs") = 0 umount2("./217/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./217/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5732 ./strace-static-x86_64: Process 5732 attached [pid 5732] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5732] chdir("./218") = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5732] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5732] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5732] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5733], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5733 ./strace-static-x86_64: Process 5733 attached [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5733] memfd_create("syzkaller", 0) = 3 [pid 5733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5733] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5733] munmap(0x7f2656609000, 131072) = 0 [pid 5733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5733] close(3) = 0 [pid 5733] mkdir("./file2", 0777) = 0 [pid 5733] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5733] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5733] chdir("./file2") = 0 [pid 5733] ioctl(4, LOOP_CLR_FD) = 0 [pid 5733] close(4) = 0 [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... futex resumed>) = 1 [pid 5733] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... futex resumed>) = 1 [pid 5733] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... futex resumed>) = 1 [pid 5733] write(4, "\x00\x00", 2) = 2 [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5732] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5732] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5734 attached , parent_tid=[5734], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5734 [pid 5732] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5732] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... futex resumed>) = 1 [pid 5733] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5734] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5733] <... mmap resumed>) = 0x20000000 [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5734] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5734] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5734] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [pid 5732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5732] <... futex resumed>) = 1 [pid 5733] getdents64(-1, [pid 5732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5732] <... futex resumed>) = 0 [pid 5733] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] exit_group(0) = ? [pid 5733] <... futex resumed>) = ? [pid 5733] +++ exited with 0 +++ [pid 5734] +++ exited with 0 +++ [pid 5732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5732, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./218/binderfs") = 0 [ 93.517419][ T5733] loop0: detected capacity change from 0 to 256 [ 93.526886][ T5733] exfat: Deprecated parameter 'utf8' [ 93.538409][ T5733] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./218/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./218/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5735 attached , child_tidptr=0x555556b3a6d0) = 5735 [pid 5735] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5735] chdir("./219") = 0 [pid 5735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5735] setpgid(0, 0) = 0 [pid 5735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5735] write(3, "1000", 4) = 4 [pid 5735] close(3) = 0 [pid 5735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5735] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5735] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5736] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] <... clone resumed>, parent_tid=[5736], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5736 [pid 5735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5736] memfd_create("syzkaller", 0) = 3 [pid 5736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5736] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5736] munmap(0x7f2656609000, 131072) = 0 [pid 5736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5736] close(3) = 0 [pid 5736] mkdir("./file2", 0777) = 0 [pid 5736] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5736] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5736] chdir("./file2") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... openat resumed>) = 4 [pid 5736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] write(4, "\x00\x00", 2) = 2 [pid 5736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5735] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5737], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5737 [pid 5735] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5737 attached ) = 0 [pid 5737] set_robust_list(0x7f26566289e0, 24 [pid 5735] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... set_robust_list resumed>) = 0 [pid 5737] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5736] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5737] <... openat resumed>) = 6 [pid 5737] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... mmap resumed>) = 0x20000000 [pid 5737] <... futex resumed>) = 1 [pid 5737] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 1 [pid 5737] getdents64(6, [pid 5735] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = 1 [pid 5736] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] exit_group(0) = ? [pid 5736] <... futex resumed>) = ? [pid 5736] +++ exited with 0 +++ [pid 5737] +++ exited with 0 +++ [pid 5735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5735, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 93.660333][ T5736] loop0: detected capacity change from 0 to 256 [ 93.668740][ T5736] exfat: Deprecated parameter 'utf8' [ 93.680212][ T5736] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./219/binderfs") = 0 umount2("./219/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./219/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5738 ./strace-static-x86_64: Process 5738 attached [pid 5738] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5738] chdir("./220") = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5738] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5739 attached , parent_tid=[5739], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5739 [pid 5739] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5739] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5739] memfd_create("syzkaller", 0 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] <... memfd_create resumed>) = 3 [pid 5739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5739] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5739] munmap(0x7f2656609000, 131072) = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5739] close(3) = 0 [pid 5739] mkdir("./file2", 0777) = 0 [pid 5739] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5739] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5739] chdir("./file2") = 0 [pid 5739] ioctl(4, LOOP_CLR_FD) = 0 [pid 5739] close(4) = 0 [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = 1 [pid 5739] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = 1 [pid 5739] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] write(4, "\x00\x00", 2 [pid 5738] <... futex resumed>) = 0 [pid 5739] <... write resumed>) = 2 [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] <... futex resumed>) = 0 [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5739] <... mmap resumed>) = 0x20000000 [pid 5738] <... mmap resumed>) = 0x7f2656608000 [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5738] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5739] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... clone resumed>, parent_tid=[5740], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5740 [pid 5738] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5740 attached [pid 5740] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5740] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5740] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5740] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = 1 [pid 5738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = 1 [pid 5738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = 0 [pid 5739] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] exit_group(0) = ? [pid 5740] <... futex resumed>) = ? [pid 5739] <... futex resumed>) = ? [pid 5739] +++ exited with 0 +++ [pid 5740] +++ exited with 0 +++ [pid 5738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5738, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./220/binderfs") = 0 [ 93.785595][ T5739] loop0: detected capacity change from 0 to 256 [ 93.794236][ T5739] exfat: Deprecated parameter 'utf8' [ 93.805423][ T5739] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./220/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./220/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5741 attached , child_tidptr=0x555556b3a6d0) = 5741 [pid 5741] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5741] chdir("./221") = 0 [pid 5741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5741] setpgid(0, 0) = 0 [pid 5741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5741] write(3, "1000", 4) = 4 [pid 5741] close(3) = 0 [pid 5741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5741] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5741] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5741] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5742], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5742 ./strace-static-x86_64: Process 5742 attached [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5742] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5742] memfd_create("syzkaller", 0) = 3 [pid 5742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5742] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5742] munmap(0x7f2656609000, 131072) = 0 [pid 5742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5742] close(3) = 0 [pid 5742] mkdir("./file2", 0777) = 0 [pid 5742] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5742] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5742] chdir("./file2") = 0 [pid 5742] ioctl(4, LOOP_CLR_FD) = 0 [pid 5742] close(4) = 0 [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = 0 [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5742] write(4, "\x00\x00", 2 [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... write resumed>) = 2 [pid 5741] <... futex resumed>) = 0 [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5741] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... mmap resumed>) = 0x20000000 [pid 5741] <... futex resumed>) = 0 [pid 5741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... mmap resumed>) = 0x7f2656608000 [pid 5741] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5741] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5743 attached , parent_tid=[5743], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5743 [pid 5741] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5741] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5743] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5743] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5743] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5743] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5742] getdents64(-1, [pid 5741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5741] <... futex resumed>) = 0 [pid 5742] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] exit_group(0 [pid 5742] <... futex resumed>) = ? [pid 5741] <... exit_group resumed>) = ? [pid 5742] +++ exited with 0 +++ [pid 5743] <... futex resumed>) = ? [pid 5743] +++ exited with 0 +++ [pid 5741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5741, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 93.905750][ T5742] loop0: detected capacity change from 0 to 256 [ 93.915207][ T5742] exfat: Deprecated parameter 'utf8' [ 93.925126][ T5742] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./221/binderfs") = 0 umount2("./221/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./221/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5744 attached [pid 5744] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5744] chdir("./222") = 0 [pid 5744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5744] setpgid(0, 0) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5744 [pid 5744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5744] write(3, "1000", 4) = 4 [pid 5744] close(3) = 0 [pid 5744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5744] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5744] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5744] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5745], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5745 [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5745 attached [pid 5745] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5745] memfd_create("syzkaller", 0) = 3 [pid 5745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5745] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5745] munmap(0x7f2656609000, 131072) = 0 [pid 5745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5745] close(3) = 0 [pid 5745] mkdir("./file2", 0777) = 0 [pid 5745] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5745] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5745] chdir("./file2") = 0 [pid 5745] ioctl(4, LOOP_CLR_FD) = 0 [pid 5745] close(4) = 0 [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5745] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... futex resumed>) = 0 [pid 5745] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 0 [pid 5745] <... futex resumed>) = 1 [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... openat resumed>) = 5 [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5745] write(4, "\x00\x00", 2 [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... write resumed>) = 2 [pid 5744] <... futex resumed>) = 0 [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... mmap resumed>) = 0x20000000 [pid 5744] <... futex resumed>) = 0 [pid 5744] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5744] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5744] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5746], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5746 ./strace-static-x86_64: Process 5746 attached [pid 5744] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] set_robust_list(0x7f26566289e0, 24 [pid 5744] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... set_robust_list resumed>) = 0 [pid 5746] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5746] openat(AT_FDCWD, "", O_RDONLY [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5745] <... futex resumed>) = 0 [pid 5746] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... futex resumed>) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5746] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5745] getdents64(-1, [pid 5744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5745] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5744] <... futex resumed>) = 0 [pid 5744] exit_group(0) = ? [pid 5746] <... futex resumed>) = ? [pid 5746] +++ exited with 0 +++ [pid 5745] +++ exited with 0 +++ [pid 5744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5744, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./222/binderfs") = 0 [ 94.010856][ T5745] loop0: detected capacity change from 0 to 256 [ 94.019768][ T5745] exfat: Deprecated parameter 'utf8' [ 94.030259][ T5745] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./222/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./222/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5747 ./strace-static-x86_64: Process 5747 attached [pid 5747] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5747] chdir("./223") = 0 [pid 5747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5747] setpgid(0, 0) = 0 [pid 5747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5747] write(3, "1000", 4) = 4 [pid 5747] close(3) = 0 [pid 5747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5747] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5747] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5747] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5748], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5748 [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5748 attached [pid 5748] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5748] memfd_create("syzkaller", 0) = 3 [pid 5748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5748] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5748] munmap(0x7f2656609000, 131072) = 0 [pid 5748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5748] close(3) = 0 [pid 5748] mkdir("./file2", 0777) = 0 [pid 5748] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5748] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5748] chdir("./file2") = 0 [pid 5748] ioctl(4, LOOP_CLR_FD) = 0 [pid 5748] close(4) = 0 [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] <... futex resumed>) = 1 [pid 5748] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] <... futex resumed>) = 1 [pid 5748] write(4, "\x00\x00", 2) = 2 [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] <... futex resumed>) = 1 [pid 5747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5748] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5747] <... mmap resumed>) = 0x7f2656608000 [pid 5748] <... mmap resumed>) = 0x20000000 [pid 5747] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5747] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5749 attached [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... clone resumed>, parent_tid=[5749], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5749 [pid 5748] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] <... futex resumed>) = 0 [pid 5747] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5749] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5749] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5749] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5749] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5747] <... futex resumed>) = 1 [pid 5748] getdents64(-1, [pid 5747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] exit_group(0 [pid 5749] <... futex resumed>) = ? [pid 5748] <... futex resumed>) = ? [pid 5747] <... exit_group resumed>) = ? [pid 5749] +++ exited with 0 +++ [pid 5748] +++ exited with 0 +++ [pid 5747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5747, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./223/binderfs") = 0 [ 94.130924][ T5748] loop0: detected capacity change from 0 to 256 [ 94.140290][ T5748] exfat: Deprecated parameter 'utf8' [ 94.150927][ T5748] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./223/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./223/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5750 attached , child_tidptr=0x555556b3a6d0) = 5750 [pid 5750] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5750] chdir("./224") = 0 [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5750] write(3, "1000", 4) = 4 [pid 5750] close(3) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5750] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5750] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5751], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5751 ./strace-static-x86_64: Process 5751 attached [pid 5751] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5751] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5751] memfd_create("syzkaller", 0 [pid 5750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5751] <... memfd_create resumed>) = 3 [pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5751] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5751] munmap(0x7f2656609000, 131072) = 0 [pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5751] close(3) = 0 [pid 5751] mkdir("./file2", 0777) = 0 [pid 5751] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5751] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5751] chdir("./file2") = 0 [pid 5751] ioctl(4, LOOP_CLR_FD) = 0 [pid 5751] close(4) = 0 [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... openat resumed>) = 4 [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... openat resumed>) = 5 [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] write(4, "\x00\x00", 2) = 2 [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5750] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5750] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5751] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5750] <... clone resumed>, parent_tid=[5752], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5752 ./strace-static-x86_64: Process 5752 attached [pid 5750] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] set_robust_list(0x7f26566289e0, 24 [pid 5750] <... futex resumed>) = 0 [pid 5752] <... set_robust_list resumed>) = 0 [pid 5750] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] openat(AT_FDCWD, "", O_RDONLY [pid 5751] <... mmap resumed>) = 0x20000000 [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5751] <... futex resumed>) = 0 [pid 5752] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] getdents64(-1, [pid 5750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5751] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] exit_group(0 [pid 5751] <... futex resumed>) = ? [pid 5750] <... exit_group resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5752] <... futex resumed>) = ? [ 94.263087][ T5751] loop0: detected capacity change from 0 to 256 [ 94.273202][ T5751] exfat: Deprecated parameter 'utf8' [ 94.284825][ T5751] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5752] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5750, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./224/binderfs") = 0 umount2("./224/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./224/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5753 ./strace-static-x86_64: Process 5753 attached [pid 5753] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5753] chdir("./225") = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5753] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5753] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5754 attached , parent_tid=[5754], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5754 [pid 5754] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5754] memfd_create("syzkaller", 0) = 3 [pid 5754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5754] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5754] munmap(0x7f2656609000, 131072) = 0 [pid 5754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5754] close(3) = 0 [pid 5754] mkdir("./file2", 0777) = 0 [pid 5754] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5754] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5754] chdir("./file2") = 0 [pid 5754] ioctl(4, LOOP_CLR_FD) = 0 [pid 5754] close(4) = 0 [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] <... futex resumed>) = 0 [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5754] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... openat resumed>) = 4 [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5753] <... futex resumed>) = 0 [pid 5754] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... openat resumed>) = 5 [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5753] <... futex resumed>) = 0 [pid 5754] write(4, "\x00\x00", 2 [pid 5753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... write resumed>) = 2 [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5753] <... futex resumed>) = 0 [pid 5754] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5753] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... mmap resumed>) = 0x20000000 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... mmap resumed>) = 0x7f2656608000 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5753] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5755], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5755 [pid 5753] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5755 attached [pid 5755] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5755] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5755] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5755] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5755] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5754] getdents64(-1, [pid 5753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] <... futex resumed>) = 0 [pid 5754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] exit_group(0 [pid 5755] <... futex resumed>) = ? [pid 5754] <... futex resumed>) = ? [pid 5753] <... exit_group resumed>) = ? [pid 5755] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5753, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./225/binderfs") = 0 umount2("./225/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./225/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.398510][ T5754] loop0: detected capacity change from 0 to 256 [ 94.408148][ T5754] exfat: Deprecated parameter 'utf8' [ 94.419157][ T5754] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./225/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5756 ./strace-static-x86_64: Process 5756 attached [pid 5756] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5756] chdir("./226") = 0 [pid 5756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5756] setpgid(0, 0) = 0 [pid 5756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5756] write(3, "1000", 4) = 4 [pid 5756] close(3) = 0 [pid 5756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5756] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5756] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5756] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5757 attached , parent_tid=[5757], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5757 [pid 5757] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5757] memfd_create("syzkaller", 0 [pid 5756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5757] <... memfd_create resumed>) = 3 [pid 5757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5757] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5757] munmap(0x7f2656609000, 131072) = 0 [pid 5757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5757] close(3) = 0 [pid 5757] mkdir("./file2", 0777) = 0 [pid 5757] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5757] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5757] chdir("./file2") = 0 [pid 5757] ioctl(4, LOOP_CLR_FD) = 0 [pid 5757] close(4) = 0 [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5757] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = 1 [pid 5756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5756] <... futex resumed>) = 1 [pid 5757] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... openat resumed>) = 5 [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] <... futex resumed>) = 0 [pid 5757] write(4, "\x00\x00", 2 [pid 5756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... write resumed>) = 2 [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5756] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5756] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5758], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5758 [pid 5756] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5756] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5758 attached [pid 5758] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5758] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5758] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5758] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 0 [pid 5756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [pid 5756] <... futex resumed>) = 1 [pid 5757] getdents64(-1, [pid 5756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] <... futex resumed>) = 0 [pid 5757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] exit_group(0 [pid 5757] <... futex resumed>) = ? [pid 5756] <... exit_group resumed>) = ? [pid 5757] +++ exited with 0 +++ [pid 5758] <... futex resumed>) = ? [pid 5758] +++ exited with 0 +++ [pid 5756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5756, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./226/binderfs") = 0 [ 94.510406][ T5757] loop0: detected capacity change from 0 to 256 [ 94.519725][ T5757] exfat: Deprecated parameter 'utf8' [ 94.531030][ T5757] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./226/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./226/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5759 ./strace-static-x86_64: Process 5759 attached [pid 5759] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5759] chdir("./227") = 0 [pid 5759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5759] setpgid(0, 0) = 0 [pid 5759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5759] write(3, "1000", 4) = 4 [pid 5759] close(3) = 0 [pid 5759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5759] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5759] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5760], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5760 [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5760 attached [pid 5760] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5760] memfd_create("syzkaller", 0) = 3 [pid 5760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5760] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5760] munmap(0x7f2656609000, 131072) = 0 [pid 5760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5760] close(3) = 0 [pid 5760] mkdir("./file2", 0777) = 0 [pid 5760] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5760] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5760] chdir("./file2") = 0 [pid 5760] ioctl(4, LOOP_CLR_FD) = 0 [pid 5760] close(4) = 0 [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... openat resumed>) = 4 [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... openat resumed>) = 5 [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] write(4, "\x00\x00", 2 [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... write resumed>) = 2 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... mmap resumed>) = 0x20000000 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] <... mmap resumed>) = 0x7f2656608000 [pid 5759] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5761], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5761 ./strace-static-x86_64: Process 5761 attached [pid 5759] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] set_robust_list(0x7f26566289e0, 24 [pid 5759] <... futex resumed>) = 0 [pid 5761] <... set_robust_list resumed>) = 0 [pid 5759] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5761] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5761] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5761] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5759] <... futex resumed>) = 1 [pid 5760] getdents64(-1, [pid 5759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] exit_group(0 [pid 5760] <... futex resumed>) = ? [pid 5759] <... exit_group resumed>) = ? [pid 5760] +++ exited with 0 +++ [pid 5761] <... futex resumed>) = ? [pid 5761] +++ exited with 0 +++ [pid 5759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5759, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./227/binderfs") = 0 umount2("./227/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./227/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 94.623835][ T5760] loop0: detected capacity change from 0 to 256 [ 94.633730][ T5760] exfat: Deprecated parameter 'utf8' [ 94.646589][ T5760] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./227/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5762 ./strace-static-x86_64: Process 5762 attached [pid 5762] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5762] chdir("./228") = 0 [pid 5762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5762] setpgid(0, 0) = 0 [pid 5762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5762] write(3, "1000", 4) = 4 [pid 5762] close(3) = 0 [pid 5762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5762] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5762] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5762] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5763], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5763 [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5763 attached [pid 5763] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5763] memfd_create("syzkaller", 0) = 3 [pid 5763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5763] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5763] munmap(0x7f2656609000, 131072) = 0 [pid 5763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5763] close(3) = 0 [pid 5763] mkdir("./file2", 0777) = 0 [pid 5763] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5763] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5763] chdir("./file2") = 0 [pid 5763] ioctl(4, LOOP_CLR_FD) = 0 [pid 5763] close(4) = 0 [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... openat resumed>) = 4 [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5763] write(4, "\x00\x00", 2 [pid 5762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... write resumed>) = 2 [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5762] <... futex resumed>) = 0 [pid 5763] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5762] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5763] <... mmap resumed>) = 0x20000000 [pid 5762] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... mprotect resumed>) = 0 [pid 5763] <... futex resumed>) = 0 [pid 5762] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] <... clone resumed>, parent_tid=[5764], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5764 [pid 5762] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5764 attached ) = 0 [pid 5764] set_robust_list(0x7f26566289e0, 24 [pid 5762] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5764] <... set_robust_list resumed>) = 0 [pid 5764] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5764] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5764] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5764] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5763] getdents64(-1, [pid 5762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 0 [pid 5763] <... futex resumed>) = 1 [pid 5763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] exit_group(0 [pid 5764] <... futex resumed>) = ? [pid 5763] <... futex resumed>) = ? [pid 5762] <... exit_group resumed>) = ? [pid 5764] +++ exited with 0 +++ [pid 5763] +++ exited with 0 +++ [pid 5762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5762, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./228/binderfs") = 0 umount2("./228/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 94.736490][ T5763] loop0: detected capacity change from 0 to 256 [ 94.745612][ T5763] exfat: Deprecated parameter 'utf8' [ 94.756978][ T5763] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./228/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5765 ./strace-static-x86_64: Process 5765 attached [pid 5765] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5765] chdir("./229") = 0 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5765] setpgid(0, 0) = 0 [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5765] write(3, "1000", 4) = 4 [pid 5765] close(3) = 0 [pid 5765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5765] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5765] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5766 attached , parent_tid=[5766], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5766 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] set_robust_list(0x7f265ea299e0, 24 [pid 5765] <... futex resumed>) = 0 [pid 5766] <... set_robust_list resumed>) = 0 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5766] memfd_create("syzkaller", 0) = 3 [pid 5766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5766] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5766] munmap(0x7f2656609000, 131072) = 0 [pid 5766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5766] close(3) = 0 [pid 5766] mkdir("./file2", 0777) = 0 [pid 5766] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5766] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5766] chdir("./file2") = 0 [pid 5766] ioctl(4, LOOP_CLR_FD) = 0 [pid 5766] close(4) = 0 [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... openat resumed>) = 5 [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... futex resumed>) = 0 [pid 5766] write(4, "\x00\x00", 2) = 2 [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5765] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5765] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5767 attached , parent_tid=[5767], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5767 [pid 5765] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... futex resumed>) = 1 [pid 5766] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5767] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5766] <... mmap resumed>) = 0x20000000 [pid 5767] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5767] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... futex resumed>) = 0 [pid 5766] getdents64(-1, [pid 5767] <... futex resumed>) = 1 [pid 5766] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5767] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5765] exit_group(0) = ? [pid 5767] <... futex resumed>) = ? [pid 5766] <... futex resumed>) = ? [pid 5767] +++ exited with 0 +++ [pid 5766] +++ exited with 0 +++ [pid 5765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5765, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./229/binderfs") = 0 [ 94.843072][ T5766] loop0: detected capacity change from 0 to 256 [ 94.852368][ T5766] exfat: Deprecated parameter 'utf8' [ 94.861874][ T5766] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./229/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./229/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5768 ./strace-static-x86_64: Process 5768 attached [pid 5768] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5768] chdir("./230") = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5768] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5768] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5769 attached , parent_tid=[5769], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5769 [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5769] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5769] memfd_create("syzkaller", 0) = 3 [pid 5769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5769] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5769] munmap(0x7f2656609000, 131072) = 0 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5769] close(3) = 0 [pid 5769] mkdir("./file2", 0777) = 0 [pid 5769] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5769] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5769] chdir("./file2") = 0 [pid 5769] ioctl(4, LOOP_CLR_FD) = 0 [pid 5769] close(4) = 0 [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... openat resumed>) = 4 [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... openat resumed>) = 5 [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] write(4, "\x00\x00", 2 [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... write resumed>) = 2 [pid 5768] <... futex resumed>) = 0 [pid 5768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] <... mmap resumed>) = 0x20000000 [pid 5768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] <... mmap resumed>) = 0x7f2656608000 [pid 5768] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5769] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] <... mprotect resumed>) = 0 [pid 5768] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5770 attached , parent_tid=[5770], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5770 [pid 5770] set_robust_list(0x7f26566289e0, 24 [pid 5768] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... set_robust_list resumed>) = 0 [pid 5770] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5770] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5770] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5770] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5769] getdents64(-1, [pid 5768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5769] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] exit_group(0 [pid 5770] <... futex resumed>) = ? [pid 5769] <... futex resumed>) = ? [pid 5768] <... exit_group resumed>) = ? [pid 5770] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ [pid 5768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./230/binderfs") = 0 [ 94.966799][ T5769] loop0: detected capacity change from 0 to 256 [ 94.978138][ T5769] exfat: Deprecated parameter 'utf8' [ 94.989017][ T5769] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./230/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./230/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5771 ./strace-static-x86_64: Process 5771 attached [pid 5771] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5771] chdir("./231") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5771] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5771] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5772], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5772 [pid 5771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5772 attached [pid 5772] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5772] memfd_create("syzkaller", 0) = 3 [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5772] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5772] munmap(0x7f2656609000, 131072) = 0 [pid 5772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5772] close(3) = 0 [pid 5772] mkdir("./file2", 0777) = 0 [pid 5772] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5772] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5772] chdir("./file2") = 0 [pid 5772] ioctl(4, LOOP_CLR_FD) = 0 [pid 5772] close(4) = 0 [pid 5772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] write(4, "\x00\x00", 2) = 2 [pid 5772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5771] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5771] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5773], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5773 [pid 5771] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5773 attached [pid 5773] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5773] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5772] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5773] <... openat resumed>) = 6 [pid 5772] <... mmap resumed>) = 0x20000000 [pid 5773] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5771] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5771] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... futex resumed>) = 1 [pid 5773] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5773] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5773] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] exit_group(0) = ? [pid 5773] <... futex resumed>) = ? [pid 5773] +++ exited with 0 +++ [pid 5772] <... futex resumed>) = ? [pid 5772] +++ exited with 0 +++ [pid 5771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5771, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./231/binderfs") = 0 [ 95.070628][ T5772] loop0: detected capacity change from 0 to 256 [ 95.076295][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 95.079768][ T5772] exfat: Deprecated parameter 'utf8' [ 95.099208][ T5772] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./231/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./231/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5774 ./strace-static-x86_64: Process 5774 attached [pid 5774] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5774] chdir("./232") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5774] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x7f265ea299e0, 24 [pid 5774] <... clone resumed>, parent_tid=[5775], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5775 [pid 5775] <... set_robust_list resumed>) = 0 [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] memfd_create("syzkaller", 0) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5775] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5775] munmap(0x7f2656609000, 131072) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] mkdir("./file2", 0777) = 0 [pid 5775] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5775] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5775] chdir("./file2") = 0 [pid 5775] ioctl(4, LOOP_CLR_FD) = 0 [pid 5775] close(4) = 0 [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... openat resumed>) = 5 [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] write(4, "\x00\x00", 2 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... write resumed>) = 2 [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5775] <... mmap resumed>) = 0x20000000 [pid 5774] <... mmap resumed>) = 0x7f2656608000 [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5775] <... futex resumed>) = 0 [pid 5774] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5775] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... clone resumed>, parent_tid=[5776], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5776 [pid 5774] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5776 attached [pid 5776] set_robust_list(0x7f26566289e0, 24 [pid 5774] <... futex resumed>) = 0 [pid 5776] <... set_robust_list resumed>) = 0 [pid 5774] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5776] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5776] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5776] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... futex resumed>) = 0 [pid 5775] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5774] exit_group(0 [pid 5776] <... futex resumed>) = ? [pid 5774] <... exit_group resumed>) = ? [pid 5776] +++ exited with 0 +++ [pid 5775] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./232/binderfs") = 0 [ 95.207288][ T5775] loop0: detected capacity change from 0 to 256 [ 95.216833][ T5775] exfat: Deprecated parameter 'utf8' [ 95.227533][ T5775] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./232/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./232/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5777 attached , child_tidptr=0x555556b3a6d0) = 5777 [pid 5777] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5777] chdir("./233") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5777] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5778 attached , parent_tid=[5778], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5778 [pid 5778] set_robust_list(0x7f265ea299e0, 24 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... set_robust_list resumed>) = 0 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5778] memfd_create("syzkaller", 0) = 3 [pid 5778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5778] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5778] munmap(0x7f2656609000, 131072) = 0 [pid 5778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5778] close(3) = 0 [pid 5778] mkdir("./file2", 0777) = 0 [pid 5778] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5778] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5778] chdir("./file2") = 0 [pid 5778] ioctl(4, LOOP_CLR_FD) = 0 [pid 5778] close(4) = 0 [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] <... futex resumed>) = 1 [pid 5778] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] write(4, "\x00\x00", 2) = 2 [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5778] <... mmap resumed>) = 0x20000000 [pid 5777] <... mmap resumed>) = 0x7f2656608000 [pid 5777] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... mprotect resumed>) = 0 [pid 5777] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5779], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5779 [pid 5778] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5779 attached [pid 5779] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5779] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5779] openat(AT_FDCWD, "", O_RDONLY [pid 5778] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5779] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 1 [pid 5779] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] <... futex resumed>) = 0 [pid 5778] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5778] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5777] exit_group(0) = ? [pid 5778] <... futex resumed>) = ? [pid 5779] <... futex resumed>) = ? [pid 5778] +++ exited with 0 +++ [pid 5779] +++ exited with 0 +++ [pid 5777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5777, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./233/binderfs") = 0 [ 95.330567][ T5778] loop0: detected capacity change from 0 to 256 [ 95.339886][ T5778] exfat: Deprecated parameter 'utf8' [ 95.351111][ T5778] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./233/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./233/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./233/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5780 ./strace-static-x86_64: Process 5780 attached [pid 5780] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5780] chdir("./234") = 0 [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5780] setpgid(0, 0) = 0 [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5780] write(3, "1000", 4) = 4 [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5780] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5781 attached , parent_tid=[5781], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5781 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5781] memfd_create("syzkaller", 0) = 3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5781] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5781] munmap(0x7f2656609000, 131072) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5781] close(3) = 0 [pid 5781] mkdir("./file2", 0777) = 0 [pid 5781] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5781] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./file2") = 0 [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4) = 0 [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... futex resumed>) = 1 [pid 5781] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... futex resumed>) = 1 [pid 5781] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] write(4, "\x00\x00", 2 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] <... write resumed>) = 2 [pid 5780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5781] <... futex resumed>) = 0 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5781] <... mmap resumed>) = 0x20000000 [pid 5780] <... mmap resumed>) = 0x7f2656608000 [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5781] <... futex resumed>) = 0 [pid 5781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... mprotect resumed>) = 0 [pid 5780] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5782 attached , parent_tid=[5782], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5782 [pid 5780] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5782] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5782] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5782] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5781] getdents64(-1, [pid 5780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] exit_group(0 [pid 5782] <... futex resumed>) = ? [pid 5781] <... futex resumed>) = ? [pid 5780] <... exit_group resumed>) = ? [pid 5782] +++ exited with 0 +++ [pid 5781] +++ exited with 0 +++ [pid 5780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5780, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./234/binderfs") = 0 [ 95.458107][ T5781] loop0: detected capacity change from 0 to 256 [ 95.467017][ T5781] exfat: Deprecated parameter 'utf8' [ 95.478967][ T5781] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./234/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./234/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5783 ./strace-static-x86_64: Process 5783 attached [pid 5783] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5783] chdir("./235") = 0 [pid 5783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5783] setpgid(0, 0) = 0 [pid 5783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5783] write(3, "1000", 4) = 4 [pid 5783] close(3) = 0 [pid 5783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5783] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5783] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5784 attached , parent_tid=[5784], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5784 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5784] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5784] memfd_create("syzkaller", 0) = 3 [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5784] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5784] munmap(0x7f2656609000, 131072) = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5784] close(3) = 0 [pid 5784] mkdir("./file2", 0777) = 0 [pid 5784] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5784] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5784] chdir("./file2") = 0 [pid 5784] ioctl(4, LOOP_CLR_FD) = 0 [pid 5784] close(4) = 0 [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 1 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... openat resumed>) = 4 [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5784] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... openat resumed>) = 5 [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5784] write(4, "\x00\x00", 2 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... write resumed>) = 2 [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5783] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5784] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5783] <... mprotect resumed>) = 0 [pid 5783] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5784] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5785 attached [pid 5783] <... clone resumed>, parent_tid=[5785], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5785 [pid 5785] set_robust_list(0x7f26566289e0, 24 [pid 5783] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... futex resumed>) = 0 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5784] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5785] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5785] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5785] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5783] <... futex resumed>) = 1 [pid 5783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] getdents64(-1, [pid 5785] <... futex resumed>) = 1 [pid 5785] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] <... futex resumed>) = 0 [pid 5784] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] exit_group(0 [pid 5784] <... futex resumed>) = ? [pid 5783] <... exit_group resumed>) = ? [pid 5784] +++ exited with 0 +++ [pid 5785] <... futex resumed>) = ? [pid 5785] +++ exited with 0 +++ [pid 5783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5783, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./235/binderfs") = 0 [ 95.594882][ T5784] loop0: detected capacity change from 0 to 256 [ 95.605553][ T5784] exfat: Deprecated parameter 'utf8' [ 95.615362][ T5784] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./235/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./235/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5786 ./strace-static-x86_64: Process 5786 attached [pid 5786] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5786] chdir("./236") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5786] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5786] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5787 attached , parent_tid=[5787], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5787 [pid 5787] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] <... futex resumed>) = 0 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5787] memfd_create("syzkaller", 0) = 3 [pid 5787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5787] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5787] munmap(0x7f2656609000, 131072) = 0 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5787] close(3) = 0 [pid 5787] mkdir("./file2", 0777) = 0 [pid 5787] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5787] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5787] chdir("./file2") = 0 [pid 5787] ioctl(4, LOOP_CLR_FD) = 0 [pid 5787] close(4) = 0 [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5787] <... futex resumed>) = 0 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] <... futex resumed>) = 0 [pid 5787] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... openat resumed>) = 5 [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] <... futex resumed>) = 0 [pid 5787] write(4, "\x00\x00", 2 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... write resumed>) = 2 [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5787] <... mmap resumed>) = 0x20000000 [pid 5786] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5787] <... futex resumed>) = 0 [pid 5786] <... mmap resumed>) = 0x7f2656608000 [pid 5786] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] <... mprotect resumed>) = 0 [pid 5786] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5788], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5788 ./strace-static-x86_64: Process 5788 attached [pid 5786] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5788] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5788] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5788] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = 0 [pid 5786] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = 1 [pid 5787] <... futex resumed>) = 0 [pid 5786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5788] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5787] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] exit_group(0 [pid 5787] <... futex resumed>) = ? [pid 5786] <... exit_group resumed>) = ? [pid 5787] +++ exited with 0 +++ [pid 5788] <... futex resumed>) = ? [pid 5788] +++ exited with 0 +++ [pid 5786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5786, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 95.717503][ T5787] loop0: detected capacity change from 0 to 256 [ 95.726746][ T5787] exfat: Deprecated parameter 'utf8' [ 95.742865][ T5787] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./236/binderfs") = 0 umount2("./236/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./236/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5789 ./strace-static-x86_64: Process 5789 attached [pid 5789] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5789] chdir("./237") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5789] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5790 attached , parent_tid=[5790], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5790 [pid 5790] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5790] memfd_create("syzkaller", 0) = 3 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5790] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5790] munmap(0x7f2656609000, 131072) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5790] close(3) = 0 [pid 5790] mkdir("./file2", 0777) = 0 [pid 5790] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5790] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5790] chdir("./file2") = 0 [pid 5790] ioctl(4, LOOP_CLR_FD) = 0 [pid 5790] close(4) = 0 [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... openat resumed>) = 4 [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... openat resumed>) = 5 [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] write(4, "\x00\x00", 2) = 2 [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5790] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5789] <... mmap resumed>) = 0x7f2656608000 [pid 5789] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5791 attached , parent_tid=[5791], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5791 [pid 5791] set_robust_list(0x7f26566289e0, 24 [pid 5789] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... set_robust_list resumed>) = 0 [pid 5790] <... mmap resumed>) = 0x20000000 [pid 5791] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5791] openat(AT_FDCWD, "", O_RDONLY [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5790] <... futex resumed>) = 0 [pid 5791] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] <... futex resumed>) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5791] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5790] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] exit_group(0) = ? [pid 5791] <... futex resumed>) = ? [pid 5791] +++ exited with 0 +++ [pid 5790] <... futex resumed>) = ? [pid 5790] +++ exited with 0 +++ [pid 5789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5789, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./237/binderfs") = 0 [ 95.856556][ T5790] loop0: detected capacity change from 0 to 256 [ 95.867335][ T5790] exfat: Deprecated parameter 'utf8' [ 95.877201][ T5790] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./237/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./237/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5792 ./strace-static-x86_64: Process 5792 attached [pid 5792] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5792] chdir("./238") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5792] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5793 attached [pid 5793] set_robust_list(0x7f265ea299e0, 24 [pid 5792] <... clone resumed>, parent_tid=[5793], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5793 [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5793] memfd_create("syzkaller", 0 [pid 5792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5793] <... memfd_create resumed>) = 3 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5793] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5793] munmap(0x7f2656609000, 131072) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5793] close(3) = 0 [pid 5793] mkdir("./file2", 0777) = 0 [pid 5793] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5793] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5793] chdir("./file2") = 0 [pid 5793] ioctl(4, LOOP_CLR_FD) = 0 [pid 5793] close(4) = 0 [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... openat resumed>) = 4 [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... openat resumed>) = 5 [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] write(4, "\x00\x00", 2 [pid 5792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... write resumed>) = 2 [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5792] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... mmap resumed>) = 0x20000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... mmap resumed>) = 0x7f2656608000 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5794], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5794 [pid 5792] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5794 attached [pid 5794] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5794] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5794] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5794] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 1 [pid 5793] getdents64(-1, [pid 5792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] exit_group(0 [pid 5793] <... futex resumed>) = ? [pid 5792] <... exit_group resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ [pid 5792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./238/binderfs") = 0 [ 96.004970][ T5793] loop0: detected capacity change from 0 to 256 [ 96.015524][ T5793] exfat: Deprecated parameter 'utf8' [ 96.025743][ T5793] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./238/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./238/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5795 ./strace-static-x86_64: Process 5795 attached [pid 5795] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5795] chdir("./239") = 0 [pid 5795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5795] setpgid(0, 0) = 0 [pid 5795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5795] write(3, "1000", 4) = 4 [pid 5795] close(3) = 0 [pid 5795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5795] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5795] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5795] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5796 attached , parent_tid=[5796], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5796 [pid 5796] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5796] memfd_create("syzkaller", 0) = 3 [pid 5796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5796] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5796] munmap(0x7f2656609000, 131072) = 0 [pid 5796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5796] close(3) = 0 [pid 5796] mkdir("./file2", 0777) = 0 [pid 5796] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5796] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5796] chdir("./file2") = 0 [pid 5796] ioctl(4, LOOP_CLR_FD) = 0 [pid 5796] close(4) = 0 [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... futex resumed>) = 1 [pid 5796] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] write(4, "\x00\x00", 2) = 2 [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5796] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5795] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... mmap resumed>) = 0x20000000 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... mmap resumed>) = 0x7f2656608000 [pid 5796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5795] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5797 attached [pid 5797] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5797] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... clone resumed>, parent_tid=[5797], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5797 [pid 5795] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5797] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5797] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5797] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5796] getdents64(-1, [pid 5795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] exit_group(0) = ? [pid 5796] <... futex resumed>) = ? [pid 5797] <... futex resumed>) = ? [pid 5797] +++ exited with 0 +++ [pid 5796] +++ exited with 0 +++ [pid 5795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5795, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./239/binderfs") = 0 umount2("./239/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 96.135770][ T5796] loop0: detected capacity change from 0 to 256 [ 96.145339][ T5796] exfat: Deprecated parameter 'utf8' [ 96.155097][ T5796] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./239/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./239/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5798 ./strace-static-x86_64: Process 5798 attached [pid 5798] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5798] chdir("./240") = 0 [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5798] setpgid(0, 0) = 0 [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5798] write(3, "1000", 4) = 4 [pid 5798] close(3) = 0 [pid 5798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5798] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5798] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5799 attached , parent_tid=[5799], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5799 [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5799] memfd_create("syzkaller", 0) = 3 [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5799] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5799] munmap(0x7f2656609000, 131072) = 0 [pid 5799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5799] close(3) = 0 [pid 5799] mkdir("./file2", 0777) = 0 [pid 5799] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5799] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5799] chdir("./file2") = 0 [pid 5799] ioctl(4, LOOP_CLR_FD) = 0 [pid 5799] close(4) = 0 [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 1 [pid 5799] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] write(4, "\x00\x00", 2) = 2 [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5798] <... mmap resumed>) = 0x7f2656608000 [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5799] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] <... mprotect resumed>) = 0 [pid 5798] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5800 attached [pid 5800] set_robust_list(0x7f26566289e0, 24 [pid 5798] <... clone resumed>, parent_tid=[5800], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5800 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5798] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5800] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5800] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 0 [pid 5799] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] exit_group(0 [pid 5800] <... futex resumed>) = ? [pid 5798] <... exit_group resumed>) = ? [pid 5800] +++ exited with 0 +++ [pid 5799] <... futex resumed>) = ? [pid 5799] +++ exited with 0 +++ [pid 5798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5798, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./240/binderfs") = 0 umount2("./240/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 96.269609][ T5799] loop0: detected capacity change from 0 to 256 [ 96.278052][ T5799] exfat: Deprecated parameter 'utf8' [ 96.287743][ T5799] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./240/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./240/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5801 ./strace-static-x86_64: Process 5801 attached [pid 5801] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5801] chdir("./241") = 0 [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5801] setpgid(0, 0) = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5801] write(3, "1000", 4) = 4 [pid 5801] close(3) = 0 [pid 5801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5801] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5801] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5801] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5802 attached [pid 5802] set_robust_list(0x7f265ea299e0, 24 [pid 5801] <... clone resumed>, parent_tid=[5802], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5802 [pid 5802] <... set_robust_list resumed>) = 0 [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5802] memfd_create("syzkaller", 0) = 3 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5802] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5802] munmap(0x7f2656609000, 131072) = 0 [pid 5802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5802] close(3) = 0 [pid 5802] mkdir("./file2", 0777) = 0 [pid 5802] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5802] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5802] chdir("./file2") = 0 [pid 5802] ioctl(4, LOOP_CLR_FD) = 0 [pid 5802] close(4) = 0 [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] <... futex resumed>) = 0 [pid 5802] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... openat resumed>) = 4 [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] <... futex resumed>) = 0 [pid 5802] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... openat resumed>) = 5 [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] <... futex resumed>) = 0 [pid 5802] write(4, "\x00\x00", 2 [pid 5801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... write resumed>) = 2 [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] <... futex resumed>) = 0 [pid 5802] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5801] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... mmap resumed>) = 0x20000000 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5802] <... futex resumed>) = 0 [pid 5801] <... mmap resumed>) = 0x7f2656608000 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5801] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5803 attached , parent_tid=[5803], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5803 [pid 5801] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5803] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5803] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5803] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5803] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5802] getdents64(-1, [pid 5801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] exit_group(0 [pid 5803] <... futex resumed>) = ? [pid 5802] <... futex resumed>) = ? [pid 5801] <... exit_group resumed>) = ? [pid 5803] +++ exited with 0 +++ [pid 5802] +++ exited with 0 +++ [pid 5801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5801, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./241/binderfs") = 0 umount2("./241/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.393778][ T5802] loop0: detected capacity change from 0 to 256 [ 96.404292][ T5802] exfat: Deprecated parameter 'utf8' [ 96.414927][ T5802] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./241/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./241/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5804 ./strace-static-x86_64: Process 5804 attached [pid 5804] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5804] chdir("./242") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5804] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5805 attached , parent_tid=[5805], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5805 [pid 5805] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5805] <... futex resumed>) = 0 [pid 5804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5805] memfd_create("syzkaller", 0) = 3 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5805] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5805] munmap(0x7f2656609000, 131072) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5805] close(3) = 0 [pid 5805] mkdir("./file2", 0777) = 0 [pid 5805] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5805] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5805] chdir("./file2") = 0 [pid 5805] ioctl(4, LOOP_CLR_FD) = 0 [pid 5805] close(4) = 0 [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... openat resumed>) = 4 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... openat resumed>) = 5 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] write(4, "\x00\x00", 2 [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... write resumed>) = 2 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5804] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... mmap resumed>) = 0x20000000 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5805] <... futex resumed>) = 0 [pid 5804] <... mmap resumed>) = 0x7f2656608000 [pid 5805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5806], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5806 [pid 5804] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5806 attached [pid 5806] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5806] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5806] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5806] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = 1 [pid 5805] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] exit_group(0 [pid 5806] <... futex resumed>) = ? [pid 5805] <... futex resumed>) = ? [pid 5804] <... exit_group resumed>) = ? [pid 5806] +++ exited with 0 +++ [pid 5805] +++ exited with 0 +++ [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./242/binderfs") = 0 umount2("./242/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./242/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 [ 96.508540][ T5805] loop0: detected capacity change from 0 to 256 [ 96.517231][ T5805] exfat: Deprecated parameter 'utf8' [ 96.527379][ T5805] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5807 ./strace-static-x86_64: Process 5807 attached [pid 5807] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5807] chdir("./243") = 0 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5807] setpgid(0, 0) = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5807] write(3, "1000", 4) = 4 [pid 5807] close(3) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5807] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5807] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5808], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5808 [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5808 attached [pid 5808] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5808] memfd_create("syzkaller", 0) = 3 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5808] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5808] munmap(0x7f2656609000, 131072) = 0 [pid 5808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5808] close(3) = 0 [pid 5808] mkdir("./file2", 0777) = 0 [pid 5808] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5808] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5808] chdir("./file2") = 0 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5808] close(4) = 0 [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] write(4, "\x00\x00", 2 [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... write resumed>) = 2 [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5808] <... mmap resumed>) = 0x20000000 [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... mmap resumed>) = 0x7f2656608000 [pid 5807] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5809 attached , parent_tid=[5809], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5809 [pid 5809] set_robust_list(0x7f26566289e0, 24 [pid 5807] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... set_robust_list resumed>) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5809] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5809] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5808] getdents64(-1, [pid 5807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] exit_group(0 [pid 5808] <... futex resumed>) = ? [pid 5807] <... exit_group resumed>) = ? [pid 5808] +++ exited with 0 +++ [pid 5809] <... futex resumed>) = ? [pid 5809] +++ exited with 0 +++ [pid 5807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5807, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./243/binderfs") = 0 umount2("./243/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./243/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 [ 96.625702][ T5808] loop0: detected capacity change from 0 to 256 [ 96.637624][ T5808] exfat: Deprecated parameter 'utf8' [ 96.647697][ T5808] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5810 ./strace-static-x86_64: Process 5810 attached [pid 5810] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5810] chdir("./244") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5810] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5811 attached [pid 5811] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... clone resumed>, parent_tid=[5811], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5811 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] <... futex resumed>) = 0 [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5811] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5811] munmap(0x7f2656609000, 131072) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] mkdir("./file2", 0777) = 0 [pid 5811] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5811] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./file2") = 0 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] <... futex resumed>) = 0 [pid 5811] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 4 [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 5 [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] <... futex resumed>) = 0 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] write(4, "\x00\x00", 2) = 2 [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5810] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5810] <... futex resumed>) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... mmap resumed>) = 0x7f2656608000 [pid 5810] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5812 attached , parent_tid=[5812], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5812 [pid 5812] set_robust_list(0x7f26566289e0, 24 [pid 5810] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... set_robust_list resumed>) = 0 [pid 5812] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5812] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5812] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] getdents64(-1, [pid 5810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] exit_group(0 [pid 5811] <... futex resumed>) = ? [pid 5810] <... exit_group resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5812] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./244/binderfs") = 0 [ 96.741212][ T5811] loop0: detected capacity change from 0 to 256 [ 96.750003][ T5811] exfat: Deprecated parameter 'utf8' [ 96.760694][ T5811] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./244/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./244/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5813 attached [pid 5813] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5813 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5813] chdir("./245") = 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5813] write(3, "1000", 4) = 4 [pid 5813] close(3) = 0 [pid 5813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5813] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5814], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5814 ./strace-static-x86_64: Process 5814 attached [pid 5814] set_robust_list(0x7f265ea299e0, 24 [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... set_robust_list resumed>) = 0 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5814] memfd_create("syzkaller", 0) = 3 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5814] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5814] munmap(0x7f2656609000, 131072) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5814] close(3) = 0 [pid 5814] mkdir("./file2", 0777) = 0 [pid 5814] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5814] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5814] chdir("./file2") = 0 [pid 5814] ioctl(4, LOOP_CLR_FD) = 0 [pid 5814] close(4) = 0 [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... openat resumed>) = 4 [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... openat resumed>) = 5 [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] write(4, "\x00\x00", 2 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... write resumed>) = 2 [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5813] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... mmap resumed>) = 0x20000000 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5814] <... futex resumed>) = 0 [pid 5813] <... mmap resumed>) = 0x7f2656608000 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5815 attached [pid 5815] set_robust_list(0x7f26566289e0, 24 [pid 5813] <... clone resumed>, parent_tid=[5815], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5815 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5813] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5815] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5815] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] getdents64(-1, [pid 5815] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] exit_group(0 [pid 5814] <... futex resumed>) = ? [pid 5813] <... exit_group resumed>) = ? [pid 5814] +++ exited with 0 +++ [pid 5815] <... futex resumed>) = ? [pid 5815] +++ exited with 0 +++ [pid 5813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5813, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./245/binderfs") = 0 [ 96.860391][ T5814] loop0: detected capacity change from 0 to 256 [ 96.870477][ T5814] exfat: Deprecated parameter 'utf8' [ 96.881137][ T5814] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./245/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./245/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5816 ./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5816] chdir("./246") = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5816] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5816] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5817 attached , parent_tid=[5817], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5817 [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5816] <... futex resumed>) = 0 [pid 5817] memfd_create("syzkaller", 0 [pid 5816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5817] <... memfd_create resumed>) = 3 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5817] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5817] munmap(0x7f2656609000, 131072) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5817] close(3) = 0 [pid 5817] mkdir("./file2", 0777) = 0 [pid 5817] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5817] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5817] chdir("./file2") = 0 [pid 5817] ioctl(4, LOOP_CLR_FD) = 0 [pid 5817] close(4) = 0 [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = 1 [pid 5817] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = 1 [pid 5817] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = 1 [pid 5817] write(4, "\x00\x00", 2) = 2 [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] <... futex resumed>) = 1 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5816] <... mmap resumed>) = 0x7f2656608000 [pid 5817] <... mmap resumed>) = 0x20000000 [pid 5816] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5816] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5818 attached , parent_tid=[5818], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5818 [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5818] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5818] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5818] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5818] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5817] getdents64(-1, [pid 5816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] exit_group(0 [pid 5818] <... futex resumed>) = ? [pid 5817] <... futex resumed>) = ? [pid 5816] <... exit_group resumed>) = ? [pid 5818] +++ exited with 0 +++ [pid 5817] +++ exited with 0 +++ [pid 5816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./246/binderfs") = 0 [ 96.980715][ T5817] loop0: detected capacity change from 0 to 256 [ 96.990117][ T5817] exfat: Deprecated parameter 'utf8' [ 97.001387][ T5817] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./246/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./246/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5819] chdir("./247") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5819] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5820 attached , parent_tid=[5820], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5820 [pid 5820] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] memfd_create("syzkaller", 0) = 3 [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5820] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5820] munmap(0x7f2656609000, 131072) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5820] close(3) = 0 [pid 5820] mkdir("./file2", 0777) = 0 [pid 5820] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5820] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5820] chdir("./file2") = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... openat resumed>) = 4 [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... futex resumed>) = 0 [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] write(4, "\x00\x00", 2 [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... write resumed>) = 2 [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... mmap resumed>) = 0x20000000 [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] <... mmap resumed>) = 0x7f2656608000 [pid 5819] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... mprotect resumed>) = 0 [pid 5819] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5821 attached [pid 5821] set_robust_list(0x7f26566289e0, 24 [pid 5819] <... clone resumed>, parent_tid=[5821], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5821 [pid 5821] <... set_robust_list resumed>) = 0 [pid 5819] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5819] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5821] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5821] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... futex resumed>) = 0 [pid 5820] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] exit_group(0 [pid 5820] <... futex resumed>) = ? [pid 5819] <... exit_group resumed>) = ? [pid 5820] +++ exited with 0 +++ [pid 5821] <... futex resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./247/binderfs") = 0 umount2("./247/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./247/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 97.112444][ T5820] loop0: detected capacity change from 0 to 256 [ 97.121047][ T5820] exfat: Deprecated parameter 'utf8' [ 97.131090][ T5820] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./247/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5822 ./strace-static-x86_64: Process 5822 attached [pid 5822] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5822] chdir("./248") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5822] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5823 attached , parent_tid=[5823], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5823 [pid 5823] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5823] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5823] memfd_create("syzkaller", 0 [pid 5822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5823] <... memfd_create resumed>) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5823] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5823] munmap(0x7f2656609000, 131072) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] close(3) = 0 [pid 5823] mkdir("./file2", 0777) = 0 [pid 5823] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5823] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5823] chdir("./file2") = 0 [pid 5823] ioctl(4, LOOP_CLR_FD) = 0 [pid 5823] close(4) = 0 [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... futex resumed>) = 1 [pid 5823] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... futex resumed>) = 1 [pid 5823] write(4, "\x00\x00", 2) = 2 [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5823] <... mmap resumed>) = 0x20000000 [pid 5822] <... mmap resumed>) = 0x7f2656608000 [pid 5822] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x7f26566289e0, 24 [pid 5822] <... clone resumed>, parent_tid=[5824], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5824 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5822] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5822] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5824] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5823] getdents64(-1, [pid 5822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] exit_group(0 [pid 5824] <... futex resumed>) = ? [pid 5823] <... futex resumed>) = ? [pid 5822] <... exit_group resumed>) = ? [pid 5824] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 97.220128][ T5823] loop0: detected capacity change from 0 to 256 [ 97.231155][ T5823] exfat: Deprecated parameter 'utf8' [ 97.242079][ T5823] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./248/binderfs") = 0 umount2("./248/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./248/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x555556b3a6d0) = 5825 [pid 5825] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5825] chdir("./249") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5825] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5826 attached , parent_tid=[5826], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5826 [pid 5826] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5826] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] memfd_create("syzkaller", 0) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5826] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5826] munmap(0x7f2656609000, 131072) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("./file2", 0777) = 0 [pid 5826] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5826] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file2") = 0 [pid 5826] ioctl(4, LOOP_CLR_FD) = 0 [pid 5826] close(4) = 0 [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 1 [pid 5826] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 1 [pid 5826] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] write(4, "\x00\x00", 2) = 2 [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5825] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5827], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5827 [pid 5825] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5827 attached ) = 0 [pid 5825] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] set_robust_list(0x7f26566289e0, 24 [pid 5826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5827] <... set_robust_list resumed>) = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5826] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5827] <... openat resumed>) = 6 [pid 5826] <... mmap resumed>) = 0x20000000 [pid 5827] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5827] <... futex resumed>) = 1 [pid 5826] getdents64(6, [pid 5825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... futex resumed>) = 0 [pid 5826] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] exit_group(0) = ? [pid 5826] <... futex resumed>) = ? [pid 5827] <... futex resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./249/binderfs") = 0 umount2("./249/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./249/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 97.363932][ T5826] loop0: detected capacity change from 0 to 256 [ 97.372711][ T5826] exfat: Deprecated parameter 'utf8' [ 97.383404][ T5826] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5828 ./strace-static-x86_64: Process 5828 attached [pid 5828] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5828] chdir("./250") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5828] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5829 attached , parent_tid=[5829], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5829 [pid 5829] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] memfd_create("syzkaller", 0) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5829] munmap(0x7f2656609000, 131072) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] mkdir("./file2", 0777) = 0 [pid 5829] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5829] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] chdir("./file2") = 0 [pid 5829] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] close(4) = 0 [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... openat resumed>) = 4 [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... openat resumed>) = 5 [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] write(4, "\x00\x00", 2 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... write resumed>) = 2 [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5828] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5828] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5830 attached , parent_tid=[5830], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5830 [pid 5830] set_robust_list(0x7f26566289e0, 24 [pid 5828] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5828] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... mmap resumed>) = 0x20000000 [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] <... openat resumed>) = 6 [pid 5829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5830] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] exit_group(0) = ? [pid 5829] +++ exited with 0 +++ [pid 5830] <... futex resumed>) = ? [pid 5830] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./250/binderfs") = 0 umount2("./250/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 97.472946][ T5829] loop0: detected capacity change from 0 to 256 [ 97.481704][ T5829] exfat: Deprecated parameter 'utf8' [ 97.493134][ T5829] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./250/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./250/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5831 ./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5831] chdir("./251") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5831] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x7f265ea299e0, 24 [pid 5831] <... clone resumed>, parent_tid=[5832], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] memfd_create("syzkaller", 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... memfd_create resumed>) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5832] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5832] munmap(0x7f2656609000, 131072) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] mkdir("./file2", 0777) = 0 [pid 5832] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5832] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./file2") = 0 [pid 5832] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] close(4) = 0 [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 4 [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] write(4, "\x00\x00", 2) = 2 [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... mmap resumed>) = 0x20000000 [pid 5831] <... mmap resumed>) = 0x7f2656608000 [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5832] <... futex resumed>) = 0 [pid 5831] <... mprotect resumed>) = 0 [pid 5832] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5833] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... clone resumed>, parent_tid=[5833], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5833 [pid 5831] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5833] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5833] openat(AT_FDCWD, "", O_RDONLY [pid 5831] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5833] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] exit_group(0 [pid 5833] <... futex resumed>) = ? [pid 5831] <... exit_group resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 97.589635][ T5832] loop0: detected capacity change from 0 to 256 [ 97.608542][ T5832] exfat: Deprecated parameter 'utf8' [ 97.619396][ T5832] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./251/binderfs") = 0 umount2("./251/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./251/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5834 ./strace-static-x86_64: Process 5834 attached [pid 5834] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5834] chdir("./252") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5834] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5835 attached , parent_tid=[5835], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5835 [pid 5835] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5835] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5835] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5835] munmap(0x7f2656609000, 131072) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] mkdir("./file2", 0777) = 0 [pid 5835] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5835] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./file2") = 0 [pid 5835] ioctl(4, LOOP_CLR_FD) = 0 [pid 5835] close(4) = 0 [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] write(4, "\x00\x00", 2) = 2 [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5835] <... mmap resumed>) = 0x20000000 [pid 5834] <... mmap resumed>) = 0x7f2656608000 [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5836 attached , parent_tid=[5836], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5836 [pid 5836] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5836] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5836] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5836] openat(AT_FDCWD, "", O_RDONLY [pid 5834] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... openat resumed>) = -1 ENOENT (No such file or directory) [ 97.740120][ T5835] loop0: detected capacity change from 0 to 256 [ 97.760431][ T5835] exfat: Deprecated parameter 'utf8' [ 97.770445][ T5835] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5836] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 0 [pid 5835] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] exit_group(0) = ? [pid 5836] <... futex resumed>) = ? [pid 5836] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./252/binderfs") = 0 umount2("./252/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./252/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5837 ./strace-static-x86_64: Process 5837 attached [pid 5837] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5837] chdir("./253") = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5837] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5837] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5838], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5838 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5838] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5838] munmap(0x7f2656609000, 131072) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] mkdir("./file2", 0777) = 0 [pid 5838] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5838] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./file2") = 0 [pid 5838] ioctl(4, LOOP_CLR_FD) = 0 [pid 5838] close(4) = 0 [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] write(4, "\x00\x00", 2) = 2 [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5838] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5837] <... mmap resumed>) = 0x7f2656608000 [pid 5837] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] <... mmap resumed>) = 0x20000000 [pid 5837] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5839 attached [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... clone resumed>, parent_tid=[5839], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5839 [pid 5837] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 0 [pid 5839] set_robust_list(0x7f26566289e0, 24 [pid 5838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5839] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5839] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5838] getdents64(-1, [pid 5837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] exit_group(0 [pid 5838] <... futex resumed>) = ? [pid 5837] <... exit_group resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./253/binderfs") = 0 [ 97.887588][ T5838] loop0: detected capacity change from 0 to 256 [ 97.896594][ T5838] exfat: Deprecated parameter 'utf8' [ 97.908776][ T5838] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./253/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./253/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5840] chdir("./254") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5840 [pid 5840] <... openat resumed>) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5840] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5841 attached , parent_tid=[5841], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5841 [pid 5841] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5841] <... futex resumed>) = 0 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5841] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5841] munmap(0x7f2656609000, 131072) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] mkdir("./file2", 0777) = 0 [pid 5841] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5841] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./file2") = 0 [pid 5841] ioctl(4, LOOP_CLR_FD) = 0 [pid 5841] close(4) = 0 [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... openat resumed>) = 5 [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] write(4, "\x00\x00", 2) = 2 [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5841] <... mmap resumed>) = 0x20000000 [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... mmap resumed>) = 0x7f2656608000 [pid 5840] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5841] <... futex resumed>) = 0 [pid 5841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... mprotect resumed>) = 0 [pid 5840] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5842 attached , parent_tid=[5842], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5842 [pid 5842] set_robust_list(0x7f26566289e0, 24 [pid 5840] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5842] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5842] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5842] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] exit_group(0 [pid 5841] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5842] <... futex resumed>) = ? [pid 5842] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./254/binderfs") = 0 umount2("./254/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 98.019041][ T5841] loop0: detected capacity change from 0 to 256 [ 98.028086][ T5841] exfat: Deprecated parameter 'utf8' [ 98.039589][ T5841] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./254/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./254/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5843 ./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5843] chdir("./255") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5843] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5844 attached , parent_tid=[5844], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5844 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5844] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5844] munmap(0x7f2656609000, 131072) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] mkdir("./file2", 0777) = 0 [pid 5844] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5844] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file2") = 0 [pid 5844] ioctl(4, LOOP_CLR_FD) = 0 [pid 5844] close(4) = 0 [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... openat resumed>) = 5 [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5844] write(4, "\x00\x00", 2 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... write resumed>) = 2 [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5844] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5843] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] <... mmap resumed>) = 0x20000000 [pid 5843] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... clone resumed>, parent_tid=[5845], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5845 [pid 5843] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5845 attached [pid 5844] <... futex resumed>) = 0 [pid 5845] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5845] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5844] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5845] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... futex resumed>) = 1 [pid 5845] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] exit_group(0) = ? [pid 5845] <... futex resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./255/binderfs") = 0 [ 98.145378][ T5844] loop0: detected capacity change from 0 to 256 [ 98.154271][ T5844] exfat: Deprecated parameter 'utf8' [ 98.165679][ T5844] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./255/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./255/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5846 ./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5846] chdir("./256") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5846] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5847 attached , parent_tid=[5847], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5847 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5847] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5847] munmap(0x7f2656609000, 131072) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] mkdir("./file2", 0777) = 0 [pid 5847] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5847] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./file2") = 0 [pid 5847] ioctl(4, LOOP_CLR_FD) = 0 [pid 5847] close(4) = 0 [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 0 [pid 5847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 1 [pid 5847] write(4, "\x00\x00", 2) = 2 [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... mmap resumed>) = 0x20000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5847] <... futex resumed>) = 0 [pid 5846] <... mmap resumed>) = 0x7f2656608000 [pid 5847] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5848], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5848 [pid 5846] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5848] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5848] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 1 [pid 5848] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] getdents64(-1, [pid 5846] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5847] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] exit_group(0 [pid 5848] <... futex resumed>) = ? [pid 5847] <... futex resumed>) = ? [pid 5846] <... exit_group resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./256/binderfs") = 0 [ 98.269471][ T5847] loop0: detected capacity change from 0 to 256 [ 98.278786][ T5847] exfat: Deprecated parameter 'utf8' [ 98.289697][ T5847] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./256/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./256/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5849] chdir("./257") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5849] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5850], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5850 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5850] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5850] munmap(0x7f2656609000, 131072) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] mkdir("./file2", 0777) = 0 [pid 5850] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5850] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file2") = 0 [pid 5850] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] close(4) = 0 [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... openat resumed>) = 4 [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] <... openat resumed>) = 5 [pid 5849] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] write(4, "\x00\x00", 2 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... write resumed>) = 2 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5850] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... mmap resumed>) = 0x20000000 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5849] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5851], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5851 [pid 5849] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5851] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5851] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5851] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] getdents64(-1, [pid 5849] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5850] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5851] <... futex resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./257/binderfs") = 0 umount2("./257/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./257/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5852 [ 98.392330][ T5850] loop0: detected capacity change from 0 to 256 [ 98.402174][ T5850] exfat: Deprecated parameter 'utf8' [ 98.412732][ T5850] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5852] chdir("./258") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5852] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x7f265ea299e0, 24 [pid 5852] <... clone resumed>, parent_tid=[5853], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5853 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5853] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5853] munmap(0x7f2656609000, 131072) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] mkdir("./file2", 0777) = 0 [pid 5853] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5853] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file2") = 0 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 1 [pid 5853] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 1 [pid 5853] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 1 [pid 5853] write(4, "\x00\x00", 2) = 2 [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5852] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5854], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5854 [pid 5852] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 1 [pid 5853] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5854] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5854] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 0 [pid 5853] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5853] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] exit_group(0) = ? [pid 5853] <... futex resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5854] <... futex resumed>) = ? [pid 5854] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./258/binderfs") = 0 umount2("./258/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./258/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 [ 98.496484][ T5853] loop0: detected capacity change from 0 to 256 [ 98.515154][ T5853] exfat: Deprecated parameter 'utf8' [ 98.524786][ T5853] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5855 ./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5855] chdir("./259") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5855] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5855] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5856], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5856 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5856] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5856] munmap(0x7f2656609000, 131072) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] mkdir("./file2", 0777) = 0 [pid 5856] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5856] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file2") = 0 [pid 5856] ioctl(4, LOOP_CLR_FD) = 0 [pid 5856] close(4) = 0 [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] write(4, "\x00\x00", 2 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... write resumed>) = 2 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... mmap resumed>) = 0x20000000 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5855] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5857 attached , parent_tid=[5857], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5857 [pid 5857] set_robust_list(0x7f26566289e0, 24 [pid 5855] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... set_robust_list resumed>) = 0 [pid 5857] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5857] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5857] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5856] getdents64(-1, [pid 5855] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5856] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] exit_group(0 [pid 5856] <... futex resumed>) = ? [pid 5855] <... exit_group resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5857] <... futex resumed>) = ? [ 98.600060][ T5856] loop0: detected capacity change from 0 to 256 [ 98.610329][ T5856] exfat: Deprecated parameter 'utf8' [ 98.620902][ T5856] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5857] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./259/binderfs") = 0 umount2("./259/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./259/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5858 ./strace-static-x86_64: Process 5858 attached [pid 5858] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5858] chdir("./260") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5858] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5859 attached , parent_tid=[5859], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5859 [pid 5859] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5859] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5858] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5859] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5859] munmap(0x7f2656609000, 131072) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] mkdir("./file2", 0777) = 0 [pid 5859] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5859] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file2") = 0 [pid 5859] ioctl(4, LOOP_CLR_FD) = 0 [pid 5859] close(4) = 0 [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 1 [pid 5859] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 1 [pid 5859] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] write(4, "\x00\x00", 2 [pid 5858] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... write resumed>) = 2 [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] <... mmap resumed>) = 0x20000000 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... mmap resumed>) = 0x7f2656608000 [pid 5859] <... futex resumed>) = 0 [pid 5858] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5859] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] <... mprotect resumed>) = 0 [pid 5858] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5860 attached , parent_tid=[5860], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5860 [pid 5858] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5860] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5860] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5860] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5858] <... futex resumed>) = 1 [pid 5859] getdents64(-1, [pid 5858] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5859] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] exit_group(0 [pid 5860] <... futex resumed>) = ? [pid 5859] <... futex resumed>) = ? [pid 5858] <... exit_group resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./260/binderfs") = 0 umount2("./260/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.749722][ T5859] loop0: detected capacity change from 0 to 256 [ 98.758777][ T5859] exfat: Deprecated parameter 'utf8' [ 98.770457][ T5859] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./260/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./260/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5861 ./strace-static-x86_64: Process 5861 attached [pid 5861] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5861] chdir("./261") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5861] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5862], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5862 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5862] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5862] munmap(0x7f2656609000, 131072) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] mkdir("./file2", 0777) = 0 [pid 5862] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file2") = 0 [pid 5862] ioctl(4, LOOP_CLR_FD) = 0 [pid 5862] close(4) = 0 [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... futex resumed>) = 1 [pid 5862] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... openat resumed>) = 5 [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] write(4, "\x00\x00", 2 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... write resumed>) = 2 [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5861] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5863], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5863 ./strace-static-x86_64: Process 5863 attached [pid 5861] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] set_robust_list(0x7f26566289e0, 24 [pid 5861] <... futex resumed>) = 0 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5861] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5862] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... openat resumed>) = 6 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... futex resumed>) = 1 [pid 5862] getdents64(6, [pid 5863] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5862] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] exit_group(0) = ? [pid 5862] <... futex resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5863] <... futex resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./261/binderfs") = 0 [ 98.878377][ T5862] loop0: detected capacity change from 0 to 256 [ 98.888334][ T5862] exfat: Deprecated parameter 'utf8' [ 98.899968][ T5862] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./261/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./261/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5864 ./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5864] chdir("./262") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5864] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5865], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5865 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5865] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5865] munmap(0x7f2656609000, 131072) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] mkdir("./file2", 0777) = 0 [pid 5865] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file2") = 0 [pid 5865] ioctl(4, LOOP_CLR_FD) = 0 [pid 5865] close(4) = 0 [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... futex resumed>) = 1 [pid 5865] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... futex resumed>) = 1 [pid 5865] write(4, "\x00\x00", 2) = 2 [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5864] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5866], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5866 [pid 5864] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] <... futex resumed>) = 1 [pid 5864] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5866 attached [pid 5865] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5866] set_robust_list(0x7f26566289e0, 24 [pid 5865] <... mmap resumed>) = 0x20000000 [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... set_robust_list resumed>) = 0 [pid 5866] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5866] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5866] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5865] getdents64(-1, [pid 5864] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5865] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5866] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] exit_group(0 [pid 5865] <... futex resumed>) = ? [pid 5864] <... exit_group resumed>) = ? [pid 5866] <... futex resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./262/binderfs") = 0 umount2("./262/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 98.983533][ T5865] loop0: detected capacity change from 0 to 256 [ 98.994107][ T5865] exfat: Deprecated parameter 'utf8' [ 99.005321][ T5865] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./262/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./262/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5867 ./strace-static-x86_64: Process 5867 attached [pid 5867] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5867] chdir("./263") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5867] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5867] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5868 attached , parent_tid=[5868], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5868 [pid 5868] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5868] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5868] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5868] munmap(0x7f2656609000, 131072) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] mkdir("./file2", 0777) = 0 [pid 5868] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5868] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file2") = 0 [pid 5868] ioctl(4, LOOP_CLR_FD) = 0 [pid 5868] close(4) = 0 [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5867] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 4 [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 1 [pid 5868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] write(4, "\x00\x00", 2) = 2 [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5867] <... futex resumed>) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... mmap resumed>) = 0x20000000 [pid 5867] <... mmap resumed>) = 0x7f2656608000 [pid 5867] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... mprotect resumed>) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5867] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5868] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] <... clone resumed>, parent_tid=[5869], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5869 [pid 5867] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5869 attached [pid 5869] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5869] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5869] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5868] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5868] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] exit_group(0 [pid 5868] <... futex resumed>) = ? [pid 5867] <... exit_group resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5869] <... futex resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 99.108066][ T5868] loop0: detected capacity change from 0 to 256 [ 99.116797][ T5868] exfat: Deprecated parameter 'utf8' [ 99.128401][ T5868] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./263/binderfs") = 0 umount2("./263/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./263/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5870 ./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5870] chdir("./264") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5870] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5871 attached , parent_tid=[5871], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5871 [pid 5871] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5871] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5871] memfd_create("syzkaller", 0 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... memfd_create resumed>) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5871] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5871] munmap(0x7f2656609000, 131072) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] mkdir("./file2", 0777) = 0 [pid 5871] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5871] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file2") = 0 [pid 5871] ioctl(4, LOOP_CLR_FD) = 0 [pid 5871] close(4) = 0 [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 1 [pid 5871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 1 [pid 5871] write(4, "\x00\x00", 2) = 2 [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mmap resumed>) = 0x20000000 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... futex resumed>) = 0 [pid 5870] <... mmap resumed>) = 0x7f2656608000 [pid 5871] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5872 attached , parent_tid=[5872], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5872 [pid 5870] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5872] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5872] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5872] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [ 99.242933][ T5871] loop0: detected capacity change from 0 to 256 [ 99.251562][ T5871] exfat: Deprecated parameter 'utf8' [ 99.262455][ T5871] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5872] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5870] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5871] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] exit_group(0) = ? [pid 5872] <... futex resumed>) = ? [pid 5871] <... futex resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 umount2("./264/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5873 ./strace-static-x86_64: Process 5873 attached [pid 5873] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5873] chdir("./265") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5873] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5874], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5874 [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5874 attached [pid 5874] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5874] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5874] munmap(0x7f2656609000, 131072) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] mkdir("./file2", 0777) = 0 [pid 5874] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5874] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./file2") = 0 [pid 5874] ioctl(4, LOOP_CLR_FD) = 0 [pid 5874] close(4) = 0 [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5874] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5873] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... openat resumed>) = 4 [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] <... openat resumed>) = 5 [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5874] write(4, "\x00\x00", 2 [pid 5873] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... write resumed>) = 2 [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5873] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] <... mmap resumed>) = 0x20000000 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... mmap resumed>) = 0x7f2656608000 [pid 5873] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5874] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... mprotect resumed>) = 0 [pid 5873] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5875 attached , parent_tid=[5875], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5875 [pid 5875] set_robust_list(0x7f26566289e0, 24 [pid 5873] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5873] <... futex resumed>) = 0 [pid 5875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5873] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5875] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5875] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... futex resumed>) = 0 [pid 5874] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5874] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] exit_group(0 [pid 5875] <... futex resumed>) = ? [pid 5874] <... futex resumed>) = ? [pid 5873] <... exit_group resumed>) = ? [pid 5875] +++ exited with 0 +++ [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 umount2("./265/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 99.372335][ T5874] loop0: detected capacity change from 0 to 256 [ 99.382112][ T5874] exfat: Deprecated parameter 'utf8' [ 99.393457][ T5874] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5876] chdir("./266") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5876] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5877 attached , parent_tid=[5877], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5877 [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5877] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5877] munmap(0x7f2656609000, 131072) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] mkdir("./file2", 0777) = 0 [pid 5877] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5877] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file2") = 0 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... openat resumed>) = 4 [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] write(4, "\x00\x00", 2) = 2 [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5876] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5878], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5878 [pid 5876] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5878 attached [pid 5876] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5878] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5877] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... openat resumed>) = 6 [pid 5878] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5878] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5877] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5877] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 1 [pid 5876] exit_group(0) = ? [pid 5878] <... futex resumed>) = ? [ 99.492161][ T5877] loop0: detected capacity change from 0 to 256 [ 99.502966][ T5877] exfat: Deprecated parameter 'utf8' [ 99.513004][ T5877] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5878] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 umount2("./266/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5879 ./strace-static-x86_64: Process 5879 attached [pid 5879] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5879] chdir("./267") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5879] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5880 attached , parent_tid=[5880], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5880 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5880] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5880] munmap(0x7f2656609000, 131072) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] mkdir("./file2", 0777) = 0 [pid 5880] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5880] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file2") = 0 [pid 5880] ioctl(4, LOOP_CLR_FD) = 0 [pid 5880] close(4) = 0 [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... openat resumed>) = 4 [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 1 [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 1 [pid 5880] write(4, "\x00\x00", 2) = 2 [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5879] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5881], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5881 [pid 5879] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 1 [pid 5880] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5881 attached ) = 0x20000000 [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5881] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5881] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5880] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5880] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] exit_group(0) = ? [pid 5880] <... futex resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5881] <... futex resumed>) = ? [pid 5881] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 umount2("./267/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 99.630108][ T5880] loop0: detected capacity change from 0 to 256 [ 99.639659][ T5880] exfat: Deprecated parameter 'utf8' [ 99.650451][ T5880] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5882 ./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5882] chdir("./268") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5882] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5883], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5883 [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5883] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5883] munmap(0x7f2656609000, 131072) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] mkdir("./file2", 0777) = 0 [pid 5883] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5883] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file2") = 0 [pid 5883] ioctl(4, LOOP_CLR_FD) = 0 [pid 5883] close(4) = 0 [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... openat resumed>) = 4 [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... openat resumed>) = 5 [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5883] write(4, "\x00\x00", 2 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... write resumed>) = 2 [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... mmap resumed>) = 0x20000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5882] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5884], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5884 [pid 5882] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5884 attached [pid 5884] set_robust_list(0x7f26566289e0, 24 [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5884] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5884] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] getdents64(-1, [pid 5884] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5883] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5883] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] exit_group(0) = ? [pid 5883] <... futex resumed>) = ? [pid 5884] <... futex resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 [ 99.747469][ T5883] loop0: detected capacity change from 0 to 256 [ 99.756770][ T5883] exfat: Deprecated parameter 'utf8' [ 99.766698][ T5883] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./268/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5885] chdir("./269") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5885] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5886 attached , parent_tid=[5886], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5886 [pid 5886] set_robust_list(0x7f265ea299e0, 24 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5886] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5886] munmap(0x7f2656609000, 131072) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5886] close(3) = 0 [pid 5886] mkdir("./file2", 0777) = 0 [pid 5886] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5886] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./file2") = 0 [pid 5886] ioctl(4, LOOP_CLR_FD) = 0 [pid 5886] close(4) = 0 [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... openat resumed>) = 4 [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... openat resumed>) = 5 [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5886] write(4, "\x00\x00", 2 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] <... write resumed>) = 2 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... mmap resumed>) = 0x20000000 [pid 5885] <... futex resumed>) = 0 [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5886] <... futex resumed>) = 0 [pid 5885] <... mmap resumed>) = 0x7f2656608000 [pid 5886] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5887 attached , parent_tid=[5887], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5887 [pid 5887] set_robust_list(0x7f26566289e0, 24 [pid 5885] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5885] <... futex resumed>) = 0 [pid 5887] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5885] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5887] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5885] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] getdents64(-1, [pid 5887] <... futex resumed>) = 1 [pid 5886] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5886] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5886] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] exit_group(0 [pid 5886] <... futex resumed>) = ? [pid 5885] <... exit_group resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5887] <... futex resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 umount2("./269/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 [ 99.871969][ T5886] loop0: detected capacity change from 0 to 256 [ 99.881453][ T5886] exfat: Deprecated parameter 'utf8' [ 99.892981][ T5886] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5888] chdir("./270") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5888] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5889] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... clone resumed>, parent_tid=[5889], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5889 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] memfd_create("syzkaller", 0 [pid 5888] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] <... memfd_create resumed>) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5889] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5889] munmap(0x7f2656609000, 131072) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] mkdir("./file2", 0777) = 0 [pid 5889] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file2") = 0 [pid 5889] ioctl(4, LOOP_CLR_FD) = 0 [pid 5889] close(4) = 0 [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 4 [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... futex resumed>) = 1 [pid 5889] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... futex resumed>) = 1 [pid 5889] write(4, "\x00\x00", 2) = 2 [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5888] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5890 attached , parent_tid=[5890], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5890 [pid 5890] set_robust_list(0x7f26566289e0, 24 [pid 5888] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5888] <... futex resumed>) = 0 [pid 5890] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5888] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... openat resumed>) = 6 [pid 5889] <... futex resumed>) = 0 [pid 5890] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5889] getdents64(6, [pid 5888] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5889] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] exit_group(0) = ? [pid 5889] <... futex resumed>) = ? [pid 5889] +++ exited with 0 +++ [pid 5890] <... futex resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 [ 99.991429][ T5889] loop0: detected capacity change from 0 to 256 [ 100.002114][ T5889] exfat: Deprecated parameter 'utf8' [ 100.011995][ T5889] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./270/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5891] chdir("./271") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5891] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5892], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5892 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5892] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5892] munmap(0x7f2656609000, 131072) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] mkdir("./file2", 0777) = 0 [pid 5892] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5892] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./file2") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4) = 0 [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] write(4, "\x00\x00", 2) = 2 [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5891] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5893], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5893 [pid 5891] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5893 attached [pid 5893] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5893] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5893] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5893] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [pid 5892] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5892] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5892] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] exit_group(0 [pid 5893] <... futex resumed>) = ? [pid 5892] <... futex resumed>) = ? [pid 5891] <... exit_group resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 [ 100.120701][ T5892] loop0: detected capacity change from 0 to 256 [ 100.129691][ T5892] exfat: Deprecated parameter 'utf8' [ 100.141487][ T5892] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./271/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached [pid 5894] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5894] chdir("./272") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5894 [pid 5894] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5894] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5895 attached , parent_tid=[5895], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5895 [pid 5895] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5895] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5894] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5895] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5895] munmap(0x7f2656609000, 131072) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] mkdir("./file2", 0777) = 0 [pid 5895] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5895] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file2") = 0 [pid 5895] ioctl(4, LOOP_CLR_FD) = 0 [pid 5895] close(4) = 0 [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5895] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5894] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... openat resumed>) = 4 [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5894] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... openat resumed>) = 5 [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] write(4, "\x00\x00", 2 [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... write resumed>) = 2 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... mmap resumed>) = 0x20000000 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5894] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5896], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5896 [pid 5894] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5896 attached [pid 5896] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5896] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5896] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5896] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5895] getdents64(-1, [pid 5894] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5895] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] exit_group(0 [pid 5895] <... futex resumed>) = ? [pid 5894] <... exit_group resumed>) = ? [pid 5895] +++ exited with 0 +++ [pid 5896] <... futex resumed>) = ? [pid 5896] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 [ 100.227143][ T5895] loop0: detected capacity change from 0 to 256 [ 100.235618][ T5895] exfat: Deprecated parameter 'utf8' [ 100.245689][ T5895] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./272/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5897 ./strace-static-x86_64: Process 5897 attached [pid 5897] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5897] chdir("./273") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5897] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5897] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5898 attached , parent_tid=[5898], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5898 [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] set_robust_list(0x7f265ea299e0, 24 [pid 5897] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] <... set_robust_list resumed>) = 0 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5898] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5898] munmap(0x7f2656609000, 131072) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5898] close(3) = 0 [pid 5898] mkdir("./file2", 0777) = 0 [pid 5898] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5898] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./file2") = 0 [pid 5898] ioctl(4, LOOP_CLR_FD) = 0 [pid 5898] close(4) = 0 [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5898] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5897] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5897] <... futex resumed>) = 0 [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5898] write(4, "\x00\x00", 2 [pid 5897] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... write resumed>) = 2 [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5898] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5897] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... mmap resumed>) = 0x20000000 [pid 5897] <... futex resumed>) = 0 [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... mmap resumed>) = 0x7f2656608000 [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5899], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5899 ./strace-static-x86_64: Process 5899 attached [pid 5897] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5899] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5899] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5899] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5899] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5897] <... futex resumed>) = 1 [pid 5898] getdents64(-1, [pid 5897] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5898] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] <... futex resumed>) = 0 [pid 5898] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5897] exit_group(0 [pid 5899] <... futex resumed>) = ? [pid 5898] <... futex resumed>) = ? [pid 5897] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 [ 100.348218][ T5898] loop0: detected capacity change from 0 to 256 [ 100.358134][ T5898] exfat: Deprecated parameter 'utf8' [ 100.367663][ T5898] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./273/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5900 ./strace-static-x86_64: Process 5900 attached [pid 5900] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5900] chdir("./274") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5900] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5901], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5901 ./strace-static-x86_64: Process 5901 attached [pid 5901] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5901] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5901] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5901] munmap(0x7f2656609000, 131072) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] mkdir("./file2", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5901] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file2") = 0 [pid 5901] ioctl(4, LOOP_CLR_FD) = 0 [pid 5901] close(4) = 0 [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... openat resumed>) = 5 [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] write(4, "\x00\x00", 2 [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... write resumed>) = 2 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... mmap resumed>) = 0x20000000 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5901] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5901] openat(AT_FDCWD, "", O_RDONLY [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5901] getdents64(-1, [pid 5900] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5901] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] exit_group(0 [pid 5901] <... futex resumed>) = ? [pid 5900] <... exit_group resumed>) = ? [pid 5901] +++ exited with 0 +++ [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 umount2("./274/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 100.460492][ T5901] loop0: detected capacity change from 0 to 256 [ 100.469300][ T5901] exfat: Deprecated parameter 'utf8' [ 100.479165][ T5901] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5902 ./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5902] chdir("./275") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5902] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5903 attached , parent_tid=[5903], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5903 [pid 5903] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5903] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5902] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5903] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5903] munmap(0x7f2656609000, 131072) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] mkdir("./file2", 0777) = 0 [pid 5903] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5903] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file2") = 0 [pid 5903] ioctl(4, LOOP_CLR_FD) = 0 [pid 5903] close(4) = 0 [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... openat resumed>) = 5 [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] write(4, "\x00\x00", 2 [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... write resumed>) = 2 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5903] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... mmap resumed>) = 0x20000000 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5902] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5904], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5904 [pid 5902] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5904] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5904] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5903] getdents64(-1, [pid 5902] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5903] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5903] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5902] <... exit_group resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5904] <... futex resumed>) = ? [pid 5904] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 umount2("./275/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 100.581113][ T5903] loop0: detected capacity change from 0 to 256 [ 100.589816][ T5903] exfat: Deprecated parameter 'utf8' [ 100.600196][ T5903] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5905 ./strace-static-x86_64: Process 5905 attached [pid 5905] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5905] chdir("./276") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5905] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5905] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5906 attached , parent_tid=[5906], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5906 [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5905] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] <... mmap resumed>) = 0x7f2656609000 [pid 5906] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5906] munmap(0x7f2656609000, 131072) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] mkdir("./file2", 0777) = 0 [pid 5906] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5906] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file2") = 0 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [pid 5906] close(4) = 0 [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5905] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5905] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... openat resumed>) = 5 [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] write(4, "\x00\x00", 2 [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... write resumed>) = 2 [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5906] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5905] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5906] <... mmap resumed>) = 0x20000000 [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... mmap resumed>) = 0x7f2656608000 [pid 5905] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5907 attached , parent_tid=[5907], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5907 [pid 5907] set_robust_list(0x7f26566289e0, 24 [pid 5905] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5907] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5905] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5907] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5907] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5906] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5905] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] exit_group(0 [pid 5906] <... futex resumed>) = ? [pid 5905] <... exit_group resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5907] <... futex resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 umount2("./276/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 100.698723][ T5906] loop0: detected capacity change from 0 to 256 [ 100.708110][ T5906] exfat: Deprecated parameter 'utf8' [ 100.720242][ T5906] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5908 ./strace-static-x86_64: Process 5908 attached [pid 5908] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5908] chdir("./277") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5908] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5909], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5909 ./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5909] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5908] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5909] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5909] munmap(0x7f2656609000, 131072) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] mkdir("./file2", 0777) = 0 [pid 5909] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5909] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file2") = 0 [pid 5909] ioctl(4, LOOP_CLR_FD) = 0 [pid 5909] close(4) = 0 [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] write(4, "\x00\x00", 2) = 2 [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... mmap resumed>) = 0x20000000 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5908] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... mprotect resumed>) = 0 [pid 5909] <... futex resumed>) = 0 [pid 5908] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5909] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... clone resumed>, parent_tid=[5910], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5910 [pid 5908] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5910 attached ) = 0 [pid 5908] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5910] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5910] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5910] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5910] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5909] getdents64(-1, [pid 5908] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5909] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] exit_group(0 [pid 5910] <... futex resumed>) = ? [pid 5909] <... futex resumed>) = ? [pid 5908] <... exit_group resumed>) = ? [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ [pid 5908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./277/binderfs") = 0 [ 100.805223][ T5909] loop0: detected capacity change from 0 to 256 [ 100.815419][ T5909] exfat: Deprecated parameter 'utf8' [ 100.826181][ T5909] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./277/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./277/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5911 ./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5911] chdir("./278") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5911] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5912], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5912 [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5912] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5912] munmap(0x7f2656609000, 131072) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] mkdir("./file2", 0777) = 0 [pid 5912] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5912] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./file2") = 0 [pid 5912] ioctl(4, LOOP_CLR_FD) = 0 [pid 5912] close(4) = 0 [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... openat resumed>) = 4 [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... openat resumed>) = 5 [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] write(4, "\x00\x00", 2 [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... write resumed>) = 2 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... mmap resumed>) = 0x20000000 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5911] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5913 attached , parent_tid=[5913], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5913 [pid 5911] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5913] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5913] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5913] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5913] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5912] getdents64(-1, [pid 5911] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5912] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] exit_group(0 [pid 5913] <... futex resumed>) = ? [pid 5912] <... futex resumed>) = ? [pid 5911] <... exit_group resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./278/binderfs") = 0 umount2("./278/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 100.931141][ T5912] loop0: detected capacity change from 0 to 256 [ 100.942109][ T5912] exfat: Deprecated parameter 'utf8' [ 100.953084][ T5912] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./278/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./278/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached , child_tidptr=0x555556b3a6d0) = 5914 [pid 5914] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5914] chdir("./279") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5914] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5915 attached , parent_tid=[5915], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5915 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5915] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5915] munmap(0x7f2656609000, 131072) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] mkdir("./file2", 0777) = 0 [pid 5915] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5915] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file2") = 0 [pid 5915] ioctl(4, LOOP_CLR_FD) = 0 [pid 5915] close(4) = 0 [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... openat resumed>) = 4 [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 1 [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 1 [pid 5915] write(4, "\x00\x00", 2) = 2 [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5914] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5916 attached , parent_tid=[5916], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5916 [pid 5914] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 1 [pid 5915] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5916] set_robust_list(0x7f26566289e0, 24 [pid 5915] <... mmap resumed>) = 0x20000000 [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5916] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5916] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 0 [pid 5915] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5915] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] exit_group(0) = ? [pid 5915] <... futex resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5916] <... futex resumed>) = ? [pid 5916] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./279/binderfs") = 0 [ 101.060163][ T5915] loop0: detected capacity change from 0 to 256 [ 101.070026][ T5915] exfat: Deprecated parameter 'utf8' [ 101.080625][ T5915] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./279/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./279/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5917 ./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5917] chdir("./280") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5917] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5917] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5918], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5918 [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5918] memfd_create("syzkaller", 0) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5918] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5918] munmap(0x7f2656609000, 131072) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] mkdir("./file2", 0777) = 0 [pid 5918] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5918] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file2") = 0 [pid 5918] ioctl(4, LOOP_CLR_FD) = 0 [pid 5918] close(4) = 0 [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5918] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5917] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... openat resumed>) = 4 [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5918] write(4, "\x00\x00", 2 [pid 5917] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... write resumed>) = 2 [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5918] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5917] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... mmap resumed>) = 0x20000000 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... mmap resumed>) = 0x7f2656608000 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5919 attached , parent_tid=[5919], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5919 [pid 5919] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5919] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5917] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5919] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5919] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5918] getdents64(-1, [pid 5917] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5918] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5919] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 101.177457][ T5918] loop0: detected capacity change from 0 to 256 [ 101.197233][ T5918] exfat: Deprecated parameter 'utf8' [ 101.207183][ T5918] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./280/binderfs") = 0 umount2("./280/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./280/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5920 ./strace-static-x86_64: Process 5920 attached [pid 5920] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5920] chdir("./281") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5920] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5921 attached , parent_tid=[5921], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5921 [pid 5921] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5921] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5920] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5921] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5921] munmap(0x7f2656609000, 131072) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] mkdir("./file2", 0777) = 0 [pid 5921] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5921] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file2") = 0 [pid 5921] ioctl(4, LOOP_CLR_FD) = 0 [pid 5921] close(4) = 0 [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 4 [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5920] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 5 [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] write(4, "\x00\x00", 2 [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... write resumed>) = 2 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... mmap resumed>) = 0x20000000 [pid 5920] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5921] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... mmap resumed>) = 0x7f2656608000 [pid 5920] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5922], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5922 [pid 5920] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5922] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5922] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5921] getdents64(-1, [pid 5920] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5921] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... futex resumed>) = 0 [pid 5920] exit_group(0 [pid 5921] <... futex resumed>) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5921] +++ exited with 0 +++ [pid 5922] <... futex resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./281/binderfs") = 0 [ 101.312680][ T5921] loop0: detected capacity change from 0 to 256 [ 101.323197][ T5921] exfat: Deprecated parameter 'utf8' [ 101.334717][ T5921] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./281/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./281/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5923 ./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5923] chdir("./282") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5923] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x7f265ea299e0, 24 [pid 5923] <... clone resumed>, parent_tid=[5924], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5924 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] memfd_create("syzkaller", 0 [pid 5923] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] <... memfd_create resumed>) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5924] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5924] munmap(0x7f2656609000, 131072) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] mkdir("./file2", 0777) = 0 [pid 5924] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5924] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file2") = 0 [pid 5924] ioctl(4, LOOP_CLR_FD) = 0 [pid 5924] close(4) = 0 [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5924] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5923] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... openat resumed>) = 4 [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... openat resumed>) = 5 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] write(4, "\x00\x00", 2 [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... write resumed>) = 2 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... mmap resumed>) = 0x20000000 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5923] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5925 attached , parent_tid=[5925], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5925 [pid 5923] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5925] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5925] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5925] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5924] getdents64(-1, [pid 5923] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5924] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] exit_group(0 [pid 5925] <... futex resumed>) = ? [pid 5924] <... futex resumed>) = ? [pid 5923] <... exit_group resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./282/binderfs") = 0 umount2("./282/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 101.425074][ T5924] loop0: detected capacity change from 0 to 256 [ 101.435575][ T5924] exfat: Deprecated parameter 'utf8' [ 101.444918][ T5924] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./282/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./282/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5926 ./strace-static-x86_64: Process 5926 attached [pid 5926] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5926] chdir("./283") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5926] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5927], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5927 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5927 attached [pid 5927] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5927] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5927] munmap(0x7f2656609000, 131072) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] mkdir("./file2", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5927] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file2") = 0 [pid 5927] ioctl(4, LOOP_CLR_FD) = 0 [pid 5927] close(4) = 0 [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 1 [pid 5927] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 1 [pid 5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 1 [pid 5927] write(4, "\x00\x00", 2) = 2 [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5926] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5928], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5928 [pid 5926] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 1 [pid 5927] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5928] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5928] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5928] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 0 [pid 5927] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5927] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] exit_group(0) = ? [pid 5927] <... futex resumed>) = ? [pid 5927] +++ exited with 0 +++ [pid 5928] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./283/binderfs") = 0 umount2("./283/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./283/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 101.540418][ T5927] loop0: detected capacity change from 0 to 256 [ 101.549410][ T5927] exfat: Deprecated parameter 'utf8' [ 101.560748][ T5927] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5929 ./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5929] chdir("./284") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5929] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5930], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5930 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5930 attached [pid 5930] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5930] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5930] munmap(0x7f2656609000, 131072) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] mkdir("./file2", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5930] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file2") = 0 [pid 5930] ioctl(4, LOOP_CLR_FD) = 0 [pid 5930] close(4) = 0 [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] write(4, "\x00\x00", 2) = 2 [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5930] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5929] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] <... mmap resumed>) = 0x20000000 [pid 5929] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... clone resumed>, parent_tid=[5931], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5931 [pid 5929] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5931] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5931] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5931] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] <... futex resumed>) = 0 [pid 5930] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5930] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] exit_group(0) = ? [pid 5931] <... futex resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 101.669772][ T5930] loop0: detected capacity change from 0 to 256 [ 101.690122][ T5930] exfat: Deprecated parameter 'utf8' [ 101.701078][ T5930] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./284/binderfs") = 0 umount2("./284/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./284/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5932 ./strace-static-x86_64: Process 5932 attached [pid 5932] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5932] chdir("./285") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5932] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5933 attached , parent_tid=[5933], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5933 [pid 5933] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5933] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5933] memfd_create("syzkaller", 0 [pid 5932] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] <... memfd_create resumed>) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5933] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5933] munmap(0x7f2656609000, 131072) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] mkdir("./file2", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5933] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file2") = 0 [pid 5933] ioctl(4, LOOP_CLR_FD) = 0 [pid 5933] close(4) = 0 [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... openat resumed>) = 4 [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... openat resumed>) = 5 [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] write(4, "\x00\x00", 2) = 2 [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5932] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5933] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5932] <... mprotect resumed>) = 0 [pid 5932] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5934], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5934 ./strace-static-x86_64: Process 5934 attached [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5932] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] set_robust_list(0x7f26566289e0, 24 [pid 5932] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... set_robust_list resumed>) = 0 [pid 5934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5934] openat(AT_FDCWD, "", O_RDONLY [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5933] <... futex resumed>) = 0 [pid 5934] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5934] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5933] getdents64(-1, [pid 5932] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5933] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] exit_group(0 [pid 5934] <... futex resumed>) = ? [pid 5933] <... futex resumed>) = ? [pid 5932] <... exit_group resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./285/binderfs") = 0 [ 101.803551][ T5933] loop0: detected capacity change from 0 to 256 [ 101.812949][ T5933] exfat: Deprecated parameter 'utf8' [ 101.824298][ T5933] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./285/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./285/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5935 ./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5935] chdir("./286") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5935] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5936 attached , parent_tid=[5936], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5936 [pid 5936] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5935] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] <... memfd_create resumed>) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5936] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5936] munmap(0x7f2656609000, 131072) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] mkdir("./file2", 0777) = 0 [pid 5936] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5936] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file2") = 0 [pid 5936] ioctl(4, LOOP_CLR_FD) = 0 [pid 5936] close(4) = 0 [pid 5936] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5936] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5935] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... openat resumed>) = 5 [pid 5936] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] write(4, "\x00\x00", 2) = 2 [pid 5936] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5935] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5936] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5935] <... mprotect resumed>) = 0 [pid 5935] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5937], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5937 ./strace-static-x86_64: Process 5937 attached [pid 5936] <... mmap resumed>) = 0x20000000 [pid 5935] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5937] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5937] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 1 [pid 5937] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5937] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5937] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0) = ? [pid 5937] <... futex resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] <... futex resumed>) = ? [pid 5936] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./286/binderfs") = 0 [ 101.926595][ T5936] loop0: detected capacity change from 0 to 256 [ 101.935252][ T5936] exfat: Deprecated parameter 'utf8' [ 101.945628][ T5936] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./286/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./286/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5938 ./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5938] chdir("./287") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5938] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5939 attached , parent_tid=[5939], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5939 [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5939] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5939] munmap(0x7f2656609000, 131072) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] mkdir("./file2", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5939] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file2") = 0 [pid 5939] ioctl(4, LOOP_CLR_FD) = 0 [pid 5939] close(4) = 0 [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 4 [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... openat resumed>) = 5 [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] write(4, "\x00\x00", 2) = 2 [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5938] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5940 attached , parent_tid=[5940], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5940 [pid 5940] set_robust_list(0x7f26566289e0, 24 [pid 5938] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] <... futex resumed>) = 0 [pid 5940] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5938] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... mmap resumed>) = 0x20000000 [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... openat resumed>) = 6 [pid 5940] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5940] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5939] getdents64(6, [pid 5938] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5939] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] exit_group(0 [pid 5940] <... futex resumed>) = ? [pid 5939] <... futex resumed>) = ? [pid 5938] <... exit_group resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5939] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./287/binderfs") = 0 [ 102.053526][ T5939] loop0: detected capacity change from 0 to 256 [ 102.065683][ T5939] exfat: Deprecated parameter 'utf8' [ 102.075001][ T5939] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./287/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./287/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5941 ./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5941] chdir("./288") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5941] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5942] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... clone resumed>, parent_tid=[5942], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5942 [pid 5941] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] memfd_create("syzkaller", 0) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5942] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5942] munmap(0x7f2656609000, 131072) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] mkdir("./file2", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5942] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file2") = 0 [pid 5942] ioctl(4, LOOP_CLR_FD) = 0 [pid 5942] close(4) = 0 [pid 5942] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5942] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... futex resumed>) = 1 [pid 5942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5942] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... futex resumed>) = 1 [pid 5942] write(4, "\x00\x00", 2) = 2 [pid 5942] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5941] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5943 attached , parent_tid=[5943], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5943 [pid 5941] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] set_robust_list(0x7f26566289e0, 24 [pid 5942] <... futex resumed>) = 1 [pid 5942] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5943] <... set_robust_list resumed>) = 0 [ 102.167467][ T5942] loop0: detected capacity change from 0 to 256 [ 102.186743][ T5942] exfat: Deprecated parameter 'utf8' [ 102.198102][ T5942] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5942] <... mmap resumed>) = 0x20000000 [pid 5943] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5943] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5943] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5943] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5943] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] exit_group(0) = ? [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] <... futex resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./288/binderfs") = 0 umount2("./288/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./288/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5944 ./strace-static-x86_64: Process 5944 attached [pid 5944] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5944] chdir("./289") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5944] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x7f265ea299e0, 24 [pid 5944] <... clone resumed>, parent_tid=[5945], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5945 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5945] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5945] munmap(0x7f2656609000, 131072) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] mkdir("./file2", 0777) = 0 [pid 5945] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5945] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file2") = 0 [pid 5945] ioctl(4, LOOP_CLR_FD) = 0 [pid 5945] close(4) = 0 [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = 0 [pid 5945] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = 1 [pid 5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] write(4, "\x00\x00", 2) = 2 [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5945] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5944] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5945] <... mmap resumed>) = 0x20000000 [pid 5944] <... mmap resumed>) = 0x7f2656608000 [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x7f26566289e0, 24 [pid 5944] <... clone resumed>, parent_tid=[5946], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5946 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5944] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5944] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5946] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... futex resumed>) = 0 [pid 5945] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5945] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5946] <... futex resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 102.311477][ T5945] loop0: detected capacity change from 0 to 256 [ 102.320045][ T5945] exfat: Deprecated parameter 'utf8' [ 102.330612][ T5945] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./289/binderfs") = 0 umount2("./289/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./289/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5947 attached , child_tidptr=0x555556b3a6d0) = 5947 [pid 5947] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5947] chdir("./290") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5947] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5947] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5948] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... clone resumed>, parent_tid=[5948], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5948 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5947] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5948] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5948] munmap(0x7f2656609000, 131072) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] mkdir("./file2", 0777) = 0 [pid 5948] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5948] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./file2") = 0 [pid 5948] ioctl(4, LOOP_CLR_FD) = 0 [pid 5948] close(4) = 0 [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... openat resumed>) = 4 [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] <... openat resumed>) = 5 [pid 5947] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] write(4, "\x00\x00", 2 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... write resumed>) = 2 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... mmap resumed>) = 0x20000000 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5947] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5949], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5949 [pid 5947] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5949 attached [pid 5949] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5949] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5949] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5949] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = 1 [pid 5948] getdents64(-1, [pid 5947] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5948] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] exit_group(0 [pid 5948] <... futex resumed>) = ? [pid 5947] <... exit_group resumed>) = ? [pid 5949] <... futex resumed>) = ? [pid 5948] +++ exited with 0 +++ [pid 5949] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./290/binderfs") = 0 [ 102.456417][ T5948] loop0: detected capacity change from 0 to 256 [ 102.466575][ T5948] exfat: Deprecated parameter 'utf8' [ 102.475660][ T5948] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./290/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./290/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5950 ./strace-static-x86_64: Process 5950 attached [pid 5950] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5950] chdir("./291") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5950] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5951], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5951 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5951] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5951] munmap(0x7f2656609000, 131072) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] mkdir("./file2", 0777) = 0 [pid 5951] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5951] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./file2") = 0 [pid 5951] ioctl(4, LOOP_CLR_FD) = 0 [pid 5951] close(4) = 0 [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 1 [pid 5951] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 1 [pid 5951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 1 [pid 5951] write(4, "\x00\x00", 2) = 2 [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5950] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5952], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5952 [pid 5950] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 1 [pid 5951] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5952 attached [pid 5952] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5952] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5952] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5952] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5951] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5951] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5950] exit_group(0) = ? [pid 5951] <... futex resumed>) = ? [pid 5951] +++ exited with 0 +++ [pid 5952] <... futex resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./291/binderfs") = 0 umount2("./291/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 102.555109][ T5951] loop0: detected capacity change from 0 to 256 [ 102.561975][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 102.564912][ T5951] exfat: Deprecated parameter 'utf8' [ 102.583142][ T5951] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./291/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./291/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached [pid 5953] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5953] chdir("./292") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 5953 [pid 5953] <... prctl resumed>) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5953] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5954], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5954 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5954] memfd_create("syzkaller", 0) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5954] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5954] munmap(0x7f2656609000, 131072) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] mkdir("./file2", 0777) = 0 [pid 5954] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5954] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./file2") = 0 [pid 5954] ioctl(4, LOOP_CLR_FD) = 0 [pid 5954] close(4) = 0 [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 1 [pid 5954] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 1 [pid 5954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 1 [pid 5954] write(4, "\x00\x00", 2) = 2 [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5953] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5955], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5955 [pid 5953] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 1 [pid 5954] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5955] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5955] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = 1 [pid 5954] getdents64(-1, [pid 5953] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5954] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5954] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] exit_group(0 [pid 5954] <... futex resumed>) = ? [pid 5953] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./292/binderfs") = 0 umount2("./292/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./292/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5956 ./strace-static-x86_64: Process 5956 attached [pid 5956] set_robust_list(0x555556b3a6e0, 24) = 0 [ 102.683701][ T5954] loop0: detected capacity change from 0 to 256 [ 102.692637][ T5954] exfat: Deprecated parameter 'utf8' [ 102.703158][ T5954] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5956] chdir("./293") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5956] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5957], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5957 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5957 attached [pid 5957] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5957] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5957] munmap(0x7f2656609000, 131072) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] mkdir("./file2", 0777) = 0 [pid 5957] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5957] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file2") = 0 [pid 5957] ioctl(4, LOOP_CLR_FD) = 0 [pid 5957] close(4) = 0 [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = 1 [pid 5957] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = 1 [pid 5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = 1 [pid 5957] write(4, "\x00\x00", 2) = 2 [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5956] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5956] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5958 attached , parent_tid=[5958], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5958 [pid 5956] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5958] set_robust_list(0x7f26566289e0, 24 [pid 5957] <... mmap resumed>) = 0x20000000 [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... set_robust_list resumed>) = 0 [pid 5958] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5958] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5958] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] <... futex resumed>) = 0 [pid 5957] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5957] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5958] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] exit_group(0 [pid 5957] <... futex resumed>) = ? [pid 5956] <... exit_group resumed>) = ? [pid 5958] <... futex resumed>) = ? [pid 5957] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./293/binderfs") = 0 [ 102.780351][ T5957] loop0: detected capacity change from 0 to 256 [ 102.790691][ T5957] exfat: Deprecated parameter 'utf8' [ 102.801126][ T5957] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./293/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./293/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5959 ./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5959] chdir("./294") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5959] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5959] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5960 attached , parent_tid=[5960], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5960 [pid 5960] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5960] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5959] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5960] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5960] munmap(0x7f2656609000, 131072) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] mkdir("./file2", 0777) = 0 [pid 5960] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5960] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./file2") = 0 [pid 5960] ioctl(4, LOOP_CLR_FD) = 0 [pid 5960] close(4) = 0 [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 1 [pid 5960] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 1 [pid 5960] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 1 [pid 5960] write(4, "\x00\x00", 2) = 2 [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5959] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5961 attached , parent_tid=[5961], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5961 [pid 5959] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] set_robust_list(0x7f26566289e0, 24 [pid 5960] <... futex resumed>) = 1 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5960] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5961] openat(AT_FDCWD, "", O_RDONLY [pid 5960] <... mmap resumed>) = 0x20000000 [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5961] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5961] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5960] getdents64(-1, [pid 5959] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5960] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] exit_group(0 [pid 5961] <... futex resumed>) = ? [pid 5960] <... futex resumed>) = ? [pid 5959] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5960] +++ exited with 0 +++ [pid 5959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./294/binderfs") = 0 [ 102.904330][ T5960] loop0: detected capacity change from 0 to 256 [ 102.913290][ T5960] exfat: Deprecated parameter 'utf8' [ 102.922989][ T5960] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./294/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./294/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5962 ./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5962] chdir("./295") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5962] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5963], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5963 [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5963 attached [pid 5963] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5963] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5963] munmap(0x7f2656609000, 131072) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] mkdir("./file2", 0777) = 0 [pid 5963] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5963] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./file2") = 0 [pid 5963] ioctl(4, LOOP_CLR_FD) = 0 [pid 5963] close(4) = 0 [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5963] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5963] <... futex resumed>) = 0 [pid 5963] write(4, "\x00\x00", 2 [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... write resumed>) = 2 [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5962] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... mmap resumed>) = 0x20000000 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... mmap resumed>) = 0x7f2656608000 [pid 5963] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5964], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5964 ./strace-static-x86_64: Process 5964 attached [pid 5962] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] set_robust_list(0x7f26566289e0, 24 [pid 5962] <... futex resumed>) = 0 [pid 5964] <... set_robust_list resumed>) = 0 [pid 5962] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5964] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5964] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = 1 [pid 5962] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5963] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] exit_group(0) = ? [pid 5963] <... futex resumed>) = ? [pid 5964] <... futex resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./295/binderfs") = 0 [ 103.026449][ T5963] loop0: detected capacity change from 0 to 256 [ 103.035372][ T5963] exfat: Deprecated parameter 'utf8' [ 103.044792][ T5963] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./295/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./295/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5965 ./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5965] chdir("./296") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5965] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5965] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5966 attached , parent_tid=[5966], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5966 [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5966] memfd_create("syzkaller", 0) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5966] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5966] munmap(0x7f2656609000, 131072) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] mkdir("./file2", 0777) = 0 [pid 5966] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5966] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./file2") = 0 [pid 5966] ioctl(4, LOOP_CLR_FD) = 0 [pid 5966] close(4) = 0 [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... openat resumed>) = 4 [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... openat resumed>) = 5 [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] write(4, "\x00\x00", 2) = 2 [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] <... futex resumed>) = 0 [pid 5966] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5965] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... mmap resumed>) = 0x20000000 [pid 5965] <... futex resumed>) = 0 [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] <... mmap resumed>) = 0x7f2656608000 [pid 5965] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5967], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5967 ./strace-static-x86_64: Process 5967 attached [pid 5965] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] set_robust_list(0x7f26566289e0, 24 [pid 5965] <... futex resumed>) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5965] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5967] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5967] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5967] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5966] getdents64(-1, [pid 5965] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5966] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] exit_group(0 [pid 5966] <... futex resumed>) = ? [pid 5965] <... exit_group resumed>) = ? [pid 5966] +++ exited with 0 +++ [pid 5967] <... futex resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 103.154160][ T5966] loop0: detected capacity change from 0 to 256 [ 103.163317][ T5966] exfat: Deprecated parameter 'utf8' [ 103.174679][ T5966] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./296/binderfs") = 0 umount2("./296/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./296/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5968 ./strace-static-x86_64: Process 5968 attached [pid 5968] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5968] chdir("./297") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5968] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5968] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5969 attached [pid 5969] set_robust_list(0x7f265ea299e0, 24 [pid 5968] <... clone resumed>, parent_tid=[5969], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5969] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5969] <... futex resumed>) = 0 [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5969] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5969] munmap(0x7f2656609000, 131072) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] mkdir("./file2", 0777) = 0 [pid 5969] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5969] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./file2") = 0 [pid 5969] ioctl(4, LOOP_CLR_FD) = 0 [pid 5969] close(4) = 0 [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5968] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... futex resumed>) = 0 [pid 5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] write(4, "\x00\x00", 2 [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... write resumed>) = 2 [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... mmap resumed>) = 0x20000000 [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] <... mmap resumed>) = 0x7f2656608000 [pid 5969] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5970], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5970 [pid 5968] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5970 attached [pid 5970] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5970] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5970] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5970] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5968] <... futex resumed>) = 1 [pid 5969] getdents64(-1, [pid 5968] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5969] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] exit_group(0) = ? [pid 5969] <... futex resumed>) = ? [pid 5969] +++ exited with 0 +++ [pid 5970] <... futex resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./297/binderfs") = 0 [ 103.274629][ T5969] loop0: detected capacity change from 0 to 256 [ 103.283694][ T5969] exfat: Deprecated parameter 'utf8' [ 103.293512][ T5969] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./297/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./297/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5971 ./strace-static-x86_64: Process 5971 attached [pid 5971] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5971] chdir("./298") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5971] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5972 attached , parent_tid=[5972], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5972 [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5972] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5972] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5972] munmap(0x7f2656609000, 131072) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] mkdir("./file2", 0777) = 0 [pid 5972] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5972] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./file2") = 0 [pid 5972] ioctl(4, LOOP_CLR_FD) = 0 [pid 5972] close(4) = 0 [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... futex resumed>) = 1 [pid 5972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... futex resumed>) = 1 [pid 5972] write(4, "\x00\x00", 2) = 2 [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5971] <... futex resumed>) = 0 [pid 5972] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5971] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5972] <... mmap resumed>) = 0x20000000 [pid 5971] <... mmap resumed>) = 0x7f2656608000 [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5972] <... futex resumed>) = 0 [pid 5971] <... mprotect resumed>) = 0 [pid 5972] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5973 attached [pid 5973] set_robust_list(0x7f26566289e0, 24 [pid 5971] <... clone resumed>, parent_tid=[5973], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5973 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5971] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5973] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5973] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5972] getdents64(-1, [pid 5971] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5972] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5972] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] exit_group(0 [pid 5973] <... futex resumed>) = ? [pid 5972] <... futex resumed>) = ? [pid 5971] <... exit_group resumed>) = ? [pid 5972] +++ exited with 0 +++ [pid 5973] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./298/binderfs") = 0 [ 103.375164][ T5972] loop0: detected capacity change from 0 to 256 [ 103.383992][ T5972] exfat: Deprecated parameter 'utf8' [ 103.395486][ T5972] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./298/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./298/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x555556b3a6d0) = 5974 [pid 5974] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5974] chdir("./299") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5974] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5975 attached , parent_tid=[5975], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5975 [pid 5975] set_robust_list(0x7f265ea299e0, 24 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5974] <... futex resumed>) = 0 [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5975] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5975] munmap(0x7f2656609000, 131072) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] mkdir("./file2", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file2") = 0 [pid 5975] ioctl(4, LOOP_CLR_FD) = 0 [pid 5975] close(4) = 0 [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 1 [pid 5975] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 1 [pid 5975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 1 [pid 5975] write(4, "\x00\x00", 2) = 2 [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5974] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5977], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5977 [pid 5974] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 1 [pid 5975] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5977] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5977] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5977] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 0 [pid 5975] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5975] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5974] exit_group(0) = ? [pid 5975] <... futex resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5977] <... futex resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./299/binderfs") = 0 umount2("./299/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 103.497439][ T5975] loop0: detected capacity change from 0 to 256 [ 103.506276][ T5975] exfat: Deprecated parameter 'utf8' [ 103.516843][ T5975] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./299/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./299/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached , child_tidptr=0x555556b3a6d0) = 5978 [pid 5978] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5978] chdir("./300") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5978] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5978] <... clone resumed>, parent_tid=[5979], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5979 [pid 5979] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5979] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5979] munmap(0x7f2656609000, 131072) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] mkdir("./file2", 0777) = 0 [pid 5979] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5979] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./file2") = 0 [pid 5979] ioctl(4, LOOP_CLR_FD) = 0 [pid 5979] close(4) = 0 [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... openat resumed>) = 4 [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... openat resumed>) = 5 [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5979] write(4, "\x00\x00", 2 [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... write resumed>) = 2 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... mmap resumed>) = 0x20000000 [pid 5978] <... futex resumed>) = 0 [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5979] <... futex resumed>) = 0 [pid 5979] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] <... mmap resumed>) = 0x7f2656608000 [pid 5978] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5980], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5980 ./strace-static-x86_64: Process 5980 attached [pid 5980] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5980] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5980] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5980] openat(AT_FDCWD, "", O_RDONLY [pid 5978] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5980] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5980] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5980] <... futex resumed>) = 1 [pid 5980] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] <... futex resumed>) = 0 [pid 5979] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5979] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5978] exit_group(0 [pid 5979] ???( [pid 5978] <... exit_group resumed>) = ? [pid 5979] <... ??? resumed>) = ? [pid 5980] <... futex resumed>) = ? [pid 5980] +++ exited with 0 +++ [pid 5979] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./300/binderfs") = 0 [ 103.622854][ T5979] loop0: detected capacity change from 0 to 256 [ 103.631342][ T5979] exfat: Deprecated parameter 'utf8' [ 103.642652][ T5979] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./300/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./300/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5981 ./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5981] chdir("./301") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5981] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5981] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5982 attached , parent_tid=[5982], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5982 [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5982] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5982] memfd_create("syzkaller", 0) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5982] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5982] munmap(0x7f2656609000, 131072) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5982] close(3) = 0 [pid 5982] mkdir("./file2", 0777) = 0 [pid 5982] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5982] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5982] chdir("./file2") = 0 [pid 5982] ioctl(4, LOOP_CLR_FD) = 0 [pid 5982] close(4) = 0 [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5981] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5982] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5982] write(4, "\x00\x00", 2) = 2 [pid 5981] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 0 [pid 5982] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5981] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5982] <... mmap resumed>) = 0x20000000 [pid 5981] <... mmap resumed>) = 0x7f2656608000 [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 5982] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... mprotect resumed>) = 0 [pid 5981] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5983 attached , parent_tid=[5983], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5983 [pid 5983] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5983] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5983] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5983] openat(AT_FDCWD, "", O_RDONLY [pid 5981] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5983] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... futex resumed>) = 1 [pid 5983] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = 0 [pid 5982] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5982] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5981] exit_group(0) = ? [pid 5983] <... futex resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5982] +++ exited with 0 +++ [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./301/binderfs") = 0 [ 103.755460][ T5982] loop0: detected capacity change from 0 to 256 [ 103.764169][ T5982] exfat: Deprecated parameter 'utf8' [ 103.773606][ T5982] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./301/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./301/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5984 ./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5984] chdir("./302") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5984] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5985], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5985 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5985 attached [pid 5985] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5985] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5985] munmap(0x7f2656609000, 131072) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] mkdir("./file2", 0777) = 0 [pid 5985] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5985] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file2") = 0 [pid 5985] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] close(4) = 0 [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... openat resumed>) = 4 [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] <... openat resumed>) = 5 [pid 5984] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] write(4, "\x00\x00", 2 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... write resumed>) = 2 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... mmap resumed>) = 0x20000000 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5984] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5988], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5988 [pid 5984] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5988] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5988] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5988] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5985] getdents64(-1, [pid 5984] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5985] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] exit_group(0 [pid 5988] <... futex resumed>) = ? [pid 5985] <... futex resumed>) = ? [pid 5984] <... exit_group resumed>) = ? [ 103.865606][ T5985] loop0: detected capacity change from 0 to 256 [ 103.875696][ T5985] exfat: Deprecated parameter 'utf8' [ 103.886130][ T5985] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5988] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./302/binderfs") = 0 umount2("./302/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./302/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5989 ./strace-static-x86_64: Process 5989 attached [pid 5989] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5989] chdir("./303") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5989] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5989] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5989] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5990 attached , parent_tid=[5990], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5990 [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5990] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5990] memfd_create("syzkaller", 0) = 3 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5990] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5990] munmap(0x7f2656609000, 131072) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5990] close(3) = 0 [pid 5990] mkdir("./file2", 0777) = 0 [pid 5990] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5990] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("./file2") = 0 [pid 5990] ioctl(4, LOOP_CLR_FD) = 0 [pid 5990] close(4) = 0 [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5989] <... futex resumed>) = 0 [pid 5990] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5989] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... openat resumed>) = 4 [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... openat resumed>) = 5 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5990] write(4, "\x00\x00", 2 [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... write resumed>) = 2 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5990] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... mmap resumed>) = 0x20000000 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5989] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5989] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5991], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5991 ./strace-static-x86_64: Process 5991 attached [pid 5989] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5991] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5991] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5991] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5991] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5989] <... futex resumed>) = 1 [pid 5990] getdents64(-1, [pid 5989] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5990] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] <... futex resumed>) = 0 [pid 5990] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] exit_group(0 [pid 5991] <... futex resumed>) = ? [pid 5990] <... futex resumed>) = ? [pid 5989] <... exit_group resumed>) = ? [pid 5991] +++ exited with 0 +++ [pid 5990] +++ exited with 0 +++ [pid 5989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./303/binderfs") = 0 [ 104.016806][ T5990] loop0: detected capacity change from 0 to 256 [ 104.025342][ T5990] exfat: Deprecated parameter 'utf8' [ 104.035094][ T5990] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./303/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./303/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5992 ./strace-static-x86_64: Process 5992 attached [pid 5992] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5992] chdir("./304") = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5992] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5993], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5993 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5993 attached [pid 5993] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5993] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5993] munmap(0x7f2656609000, 131072) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] mkdir("./file2", 0777) = 0 [pid 5993] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5993] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file2") = 0 [pid 5993] ioctl(4, LOOP_CLR_FD) = 0 [pid 5993] close(4) = 0 [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 1 [pid 5993] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 1 [pid 5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 1 [pid 5993] write(4, "\x00\x00", 2) = 2 [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5992] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5994], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5994 [pid 5992] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 1 [pid 5993] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 ./strace-static-x86_64: Process 5994 attached [pid 5994] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5994] openat(AT_FDCWD, "", O_RDONLY [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5994] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... futex resumed>) = 0 [pid 5993] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5994] <... futex resumed>) = 1 [pid 5993] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 0 [pid 5992] exit_group(0) = ? [pid 5993] <... futex resumed>) = ? [pid 5994] <... futex resumed>) = ? [pid 5993] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ [pid 5992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./304/binderfs") = 0 umount2("./304/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 104.111567][ T5993] loop0: detected capacity change from 0 to 256 [ 104.122298][ T5993] exfat: Deprecated parameter 'utf8' [ 104.132416][ T5993] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./304/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x555556b3a6d0) = 5995 [pid 5995] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5995] chdir("./305") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5995] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5996], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5996 [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5996] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5996] munmap(0x7f2656609000, 131072) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./file2", 0777) = 0 [pid 5996] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5996] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./file2") = 0 [pid 5996] ioctl(4, LOOP_CLR_FD) = 0 [pid 5996] close(4) = 0 [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 4 [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5995] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 5 [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] write(4, "\x00\x00", 2 [pid 5995] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... write resumed>) = 2 [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5995] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... mmap resumed>) = 0x20000000 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... mmap resumed>) = 0x7f2656608000 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5997], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 5997 ./strace-static-x86_64: Process 5997 attached [pid 5995] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] set_robust_list(0x7f26566289e0, 24) = 0 [pid 5997] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5997] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5997] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5997] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5996] getdents64(-1, [pid 5995] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5996] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] exit_group(0 [pid 5997] <... futex resumed>) = ? [pid 5996] <... futex resumed>) = ? [pid 5995] <... exit_group resumed>) = ? [pid 5997] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ [pid 5995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./305/binderfs") = 0 umount2("./305/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./305/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.229101][ T5996] loop0: detected capacity change from 0 to 256 [ 104.238251][ T5996] exfat: Deprecated parameter 'utf8' [ 104.248898][ T5996] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./305/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 5998 ./strace-static-x86_64: Process 5998 attached [pid 5998] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5998] chdir("./306") = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5998] setpgid(0, 0) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5998] write(3, "1000", 4) = 4 [pid 5998] close(3) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5998] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 5998] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5999 attached , parent_tid=[5999], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 5999 [pid 5999] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 5999] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 5998] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 5999] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5999] munmap(0x7f2656609000, 131072) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] mkdir("./file2", 0777) = 0 [pid 5999] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5999] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./file2") = 0 [pid 5999] ioctl(4, LOOP_CLR_FD) = 0 [pid 5999] close(4) = 0 [pid 5999] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5998] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... openat resumed>) = 4 [pid 5999] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... futex resumed>) = 1 [pid 5999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5999] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 5998] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] write(4, "\x00\x00", 2) = 2 [pid 5999] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 5998] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6000 attached [pid 6000] set_robust_list(0x7f26566289e0, 24 [pid 5998] <... clone resumed>, parent_tid=[6000], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6000 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5998] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6000] <... openat resumed>) = 6 [pid 6000] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 6000] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6000] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6000] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5998] exit_group(0 [pid 5999] <... futex resumed>) = 0 [pid 5998] <... exit_group resumed>) = ? [pid 5999] +++ exited with 0 +++ [pid 6000] <... futex resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./306/binderfs") = 0 [ 104.350430][ T5999] loop0: detected capacity change from 0 to 256 [ 104.359261][ T5999] exfat: Deprecated parameter 'utf8' [ 104.370597][ T5999] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./306/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./306/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6001 ./strace-static-x86_64: Process 6001 attached [pid 6001] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6001] chdir("./307") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6001] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6002], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6002 [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6002] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6002] munmap(0x7f2656609000, 131072) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] mkdir("./file2", 0777) = 0 [pid 6002] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6002] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./file2") = 0 [pid 6002] ioctl(4, LOOP_CLR_FD) = 0 [pid 6002] close(4) = 0 [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... futex resumed>) = 1 [pid 6002] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 6002] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6001] <... futex resumed>) = 0 [pid 6002] <... openat resumed>) = 5 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] write(4, "\x00\x00", 2 [pid 6001] <... futex resumed>) = 0 [pid 6002] <... write resumed>) = 2 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6001] <... futex resumed>) = 0 [pid 6002] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6001] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... mmap resumed>) = 0x20000000 [pid 6001] <... futex resumed>) = 0 [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6002] <... futex resumed>) = 0 [pid 6001] <... mmap resumed>) = 0x7f2656608000 [pid 6002] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6001] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6003 attached , parent_tid=[6003], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6003 [pid 6003] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6003] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 0 [pid 6003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6003] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6003] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = 0 [pid 6001] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [pid 6003] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... futex resumed>) = 0 [pid 6002] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6002] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] <... futex resumed>) = 0 [pid 6001] exit_group(0 [pid 6002] <... futex resumed>) = ? [pid 6001] <... exit_group resumed>) = ? [pid 6002] +++ exited with 0 +++ [pid 6003] <... futex resumed>) = ? [pid 6003] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./307/binderfs") = 0 [ 104.454753][ T6002] loop0: detected capacity change from 0 to 256 [ 104.458158][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 104.464870][ T6002] exfat: Deprecated parameter 'utf8' [ 104.482144][ T6002] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./307/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./307/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6005 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6005] chdir("./308") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6005] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6006], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6006 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6006 attached [pid 6006] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6006] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6006] munmap(0x7f2656609000, 131072) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] mkdir("./file2", 0777) = 0 [pid 6006] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./file2") = 0 [pid 6006] ioctl(4, LOOP_CLR_FD) = 0 [pid 6006] close(4) = 0 [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... openat resumed>) = 5 [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] write(4, "\x00\x00", 2) = 2 [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6006] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6005] <... mmap resumed>) = 0x7f2656608000 [pid 6005] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] <... mmap resumed>) = 0x20000000 [pid 6005] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... clone resumed>, parent_tid=[6007], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6007 [pid 6006] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6007] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6007] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 0 [pid 6006] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6006] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] exit_group(0 [pid 6006] <... futex resumed>) = ? [pid 6005] <... exit_group resumed>) = ? [pid 6006] +++ exited with 0 +++ [pid 6007] <... futex resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./308/binderfs") = 0 [ 104.586834][ T6006] loop0: detected capacity change from 0 to 256 [ 104.596536][ T6006] exfat: Deprecated parameter 'utf8' [ 104.607893][ T6006] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./308/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./308/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6008 ./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6008] chdir("./309") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6008] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6009 attached , parent_tid=[6009], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6009 [pid 6009] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6009] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6009] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6009] munmap(0x7f2656609000, 131072) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] mkdir("./file2", 0777) = 0 [pid 6009] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file2") = 0 [pid 6009] ioctl(4, LOOP_CLR_FD) = 0 [pid 6009] close(4) = 0 [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] write(4, "\x00\x00", 2) = 2 [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6008] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6010 attached , parent_tid=[6010], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6010 [pid 6008] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6010] set_robust_list(0x7f26566289e0, 24 [pid 6009] <... mmap resumed>) = 0x20000000 [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] <... set_robust_list resumed>) = 0 [pid 6010] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6010] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6010] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6010] <... futex resumed>) = 1 [pid 6009] getdents64(-1, [pid 6008] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6009] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6009] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] exit_group(0 [pid 6010] <... futex resumed>) = ? [pid 6009] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6010] +++ exited with 0 +++ [pid 6009] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./309/binderfs") = 0 umount2("./309/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 104.719935][ T6009] loop0: detected capacity change from 0 to 256 [ 104.728851][ T6009] exfat: Deprecated parameter 'utf8' [ 104.740248][ T6009] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./309/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./309/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6011 ./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6011] chdir("./310") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6011] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x7f265ea299e0, 24 [pid 6011] <... clone resumed>, parent_tid=[6012], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6012 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6012] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6012] munmap(0x7f2656609000, 131072) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("./file2", 0777) = 0 [pid 6012] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6012] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./file2") = 0 [pid 6012] ioctl(4, LOOP_CLR_FD) = 0 [pid 6012] close(4) = 0 [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6012] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6011] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6011] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] write(4, "\x00\x00", 2 [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... write resumed>) = 2 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6012] <... mmap resumed>) = 0x20000000 [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] <... mmap resumed>) = 0x7f2656608000 [pid 6011] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6012] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... mprotect resumed>) = 0 [pid 6011] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6013 attached , parent_tid=[6013], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6013 [pid 6011] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] set_robust_list(0x7f26566289e0, 24 [pid 6011] <... futex resumed>) = 0 [pid 6013] <... set_robust_list resumed>) = 0 [pid 6011] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6013] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6013] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6013] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6012] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6011] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] exit_group(0 [pid 6012] <... futex resumed>) = ? [pid 6011] <... exit_group resumed>) = ? [pid 6012] +++ exited with 0 +++ [pid 6013] <... futex resumed>) = ? [pid 6013] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./310/binderfs") = 0 umount2("./310/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./310/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 104.842367][ T6012] loop0: detected capacity change from 0 to 256 [ 104.852857][ T6012] exfat: Deprecated parameter 'utf8' [ 104.862622][ T6012] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6014 ./strace-static-x86_64: Process 6014 attached [pid 6014] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6014] chdir("./311") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6014] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6015] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... clone resumed>, parent_tid=[6015], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6015 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6015] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6015] munmap(0x7f2656609000, 131072) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] mkdir("./file2", 0777) = 0 [pid 6015] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6015] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./file2") = 0 [pid 6015] ioctl(4, LOOP_CLR_FD) = 0 [pid 6015] close(4) = 0 [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] write(4, "\x00\x00", 2) = 2 [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6015] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6014] <... mmap resumed>) = 0x7f2656608000 [pid 6014] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] <... mmap resumed>) = 0x20000000 [pid 6014] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... clone resumed>, parent_tid=[6016], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6016 [pid 6014] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6016 attached [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6016] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6016] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6016] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... futex resumed>) = 0 [pid 6015] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6015] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] exit_group(0) = ? [pid 6015] +++ exited with 0 +++ [pid 6016] <... futex resumed>) = ? [pid 6016] +++ exited with 0 +++ [pid 6014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./311/binderfs") = 0 [ 104.955114][ T6015] loop0: detected capacity change from 0 to 256 [ 104.964034][ T6015] exfat: Deprecated parameter 'utf8' [ 104.975273][ T6015] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./311/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./311/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6017] chdir("./312") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6017 [pid 6017] <... setpgid resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6017] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6017] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6018 attached , parent_tid=[6018], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6018 [pid 6018] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6018] memfd_create("syzkaller", 0) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6018] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6018] munmap(0x7f2656609000, 131072) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] mkdir("./file2", 0777) = 0 [pid 6018] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6018] chdir("./file2") = 0 [pid 6018] ioctl(4, LOOP_CLR_FD) = 0 [pid 6018] close(4) = 0 [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... openat resumed>) = 4 [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... openat resumed>) = 5 [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6018] write(4, "\x00\x00", 2 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... write resumed>) = 2 [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6018] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6017] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] <... mmap resumed>) = 0x20000000 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... mmap resumed>) = 0x7f2656608000 [pid 6018] <... futex resumed>) = 0 [pid 6017] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... mprotect resumed>) = 0 [pid 6017] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6019], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6019 [pid 6017] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6019 attached [pid 6019] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6019] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6019] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6018] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] exit_group(0 [pid 6018] <... futex resumed>) = ? [pid 6017] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6019] <... futex resumed>) = ? [pid 6019] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./312/binderfs") = 0 [ 105.084788][ T6018] loop0: detected capacity change from 0 to 256 [ 105.094687][ T6018] exfat: Deprecated parameter 'utf8' [ 105.104666][ T6018] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./312/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./312/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6020 ./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6020] chdir("./313") = 0 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6020] setpgid(0, 0) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6020] write(3, "1000", 4) = 4 [pid 6020] close(3) = 0 [pid 6020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6020] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6020] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6020] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6021 attached , parent_tid=[6021], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6021 [pid 6021] set_robust_list(0x7f265ea299e0, 24 [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6021] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6021] munmap(0x7f2656609000, 131072) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] mkdir("./file2", 0777) = 0 [pid 6021] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6021] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./file2") = 0 [pid 6021] ioctl(4, LOOP_CLR_FD) = 0 [pid 6021] close(4) = 0 [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... openat resumed>) = 4 [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6021] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6020] <... futex resumed>) = 0 [pid 6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6020] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... openat resumed>) = 5 [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6021] write(4, "\x00\x00", 2 [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... write resumed>) = 2 [pid 6020] <... futex resumed>) = 0 [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] <... futex resumed>) = 0 [pid 6020] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6020] <... futex resumed>) = 0 [pid 6021] <... mmap resumed>) = 0x20000000 [pid 6020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] <... mmap resumed>) = 0x7f2656608000 [pid 6020] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6020] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6022 attached , parent_tid=[6022], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6022 [pid 6020] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6022] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6022] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6022] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [pid 6021] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6020] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6021] <... futex resumed>) = 0 [pid 6021] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] exit_group(0) = ? [pid 6021] <... futex resumed>) = ? [pid 6021] +++ exited with 0 +++ [pid 6022] <... futex resumed>) = ? [pid 6022] +++ exited with 0 +++ [pid 6020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./313/binderfs") = 0 [ 105.212840][ T6021] loop0: detected capacity change from 0 to 256 [ 105.223729][ T6021] exfat: Deprecated parameter 'utf8' [ 105.234113][ T6021] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./313/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./313/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6023 [pid 6023] <... set_robust_list resumed>) = 0 [pid 6023] chdir("./314") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6023] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6024] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] <... clone resumed>, parent_tid=[6024], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6024 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6024] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6024] munmap(0x7f2656609000, 131072) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] mkdir("./file2", 0777) = 0 [pid 6024] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6024] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./file2") = 0 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] write(4, "\x00\x00", 2) = 2 [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6024] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6024] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6024] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6023] exit_group(0 [pid 6024] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] <... exit_group resumed>) = ? [pid 6024] <... futex resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./314/binderfs") = 0 [ 105.323151][ T6024] loop0: detected capacity change from 0 to 256 [ 105.342210][ T6024] exfat: Deprecated parameter 'utf8' [ 105.351504][ T6024] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./314/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./314/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6026] chdir("./315") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6026] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6027] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... clone resumed>, parent_tid=[6027], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6027 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6027] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6027] munmap(0x7f2656609000, 131072) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] mkdir("./file2", 0777) = 0 [pid 6027] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6027] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file2") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... openat resumed>) = 4 [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] write(4, "\x00\x00", 2) = 2 [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6027] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6026] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6028], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6028 [pid 6026] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6028 attached [pid 6026] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] set_robust_list(0x7f26566289e0, 24 [pid 6027] <... mmap resumed>) = 0x20000000 [pid 6028] <... set_robust_list resumed>) = 0 [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6027] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6028] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 1 [pid 6026] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 1 [pid 6027] <... futex resumed>) = 0 [pid 6026] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6027] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] exit_group(0) = ? [pid 6027] <... futex resumed>) = ? [pid 6027] +++ exited with 0 +++ [pid 6028] <... futex resumed>) = ? [pid 6028] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./315/binderfs") = 0 umount2("./315/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 105.448989][ T6027] loop0: detected capacity change from 0 to 256 [ 105.459269][ T6027] exfat: Deprecated parameter 'utf8' [ 105.470551][ T6027] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./315/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./315/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6029 ./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6029] chdir("./316") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6029] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6030], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6030 ./strace-static-x86_64: Process 6030 attached [pid 6030] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6030] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6030] memfd_create("syzkaller", 0 [pid 6029] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6030] <... memfd_create resumed>) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6030] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6030] munmap(0x7f2656609000, 131072) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] mkdir("./file2", 0777) = 0 [pid 6030] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6030] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./file2") = 0 [pid 6030] ioctl(4, LOOP_CLR_FD) = 0 [pid 6030] close(4) = 0 [pid 6030] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... futex resumed>) = 1 [pid 6030] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6030] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... futex resumed>) = 1 [pid 6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6030] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... futex resumed>) = 1 [pid 6030] write(4, "\x00\x00", 2) = 2 [pid 6030] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6029] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6030] <... futex resumed>) = 1 [pid 6029] <... mprotect resumed>) = 0 [pid 6029] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6030] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6029] <... clone resumed>, parent_tid=[6031], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6031 [pid 6029] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6031 attached ) = 0 [pid 6031] set_robust_list(0x7f26566289e0, 24 [pid 6029] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... set_robust_list resumed>) = 0 [pid 6031] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6030] <... mmap resumed>) = 0x20000000 [pid 6031] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6031] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 0 [pid 6030] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6031] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6031] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] exit_group(0 [pid 6031] <... futex resumed>) = ? [pid 6030] <... futex resumed>) = ? [pid 6029] <... exit_group resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./316/binderfs") = 0 [ 105.560325][ T6030] loop0: detected capacity change from 0 to 256 [ 105.568866][ T6030] exfat: Deprecated parameter 'utf8' [ 105.578825][ T6030] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./316/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./316/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6032 ./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6032] chdir("./317") = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6032] setpgid(0, 0) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6032] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6032] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6033], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6033 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6033 attached [pid 6033] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6033] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6033] munmap(0x7f2656609000, 131072) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] mkdir("./file2", 0777) = 0 [pid 6033] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./file2") = 0 [pid 6033] ioctl(4, LOOP_CLR_FD) = 0 [pid 6033] close(4) = 0 [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] write(4, "\x00\x00", 2) = 2 [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6032] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6034], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6034 [pid 6033] <... futex resumed>) = 1 [pid 6032] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... mmap resumed>) = 0x20000000 [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6034] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6034] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6034] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] <... futex resumed>) = 0 [pid 6032] <... futex resumed>) = 1 [pid 6033] getdents64(-1, [pid 6032] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6033] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6033] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] exit_group(0 [pid 6033] <... futex resumed>) = ? [pid 6032] <... exit_group resumed>) = ? [pid 6033] +++ exited with 0 +++ [pid 6034] <... futex resumed>) = ? [pid 6034] +++ exited with 0 +++ [pid 6032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.666033][ T6033] loop0: detected capacity change from 0 to 256 [ 105.675601][ T6033] exfat: Deprecated parameter 'utf8' [ 105.685461][ T6033] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./317/binderfs") = 0 umount2("./317/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./317/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6036 ./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6036] chdir("./318") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6036] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6037 attached , parent_tid=[6037], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6037 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6037] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6037] munmap(0x7f2656609000, 131072) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] mkdir("./file2", 0777) = 0 [pid 6037] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6037] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file2") = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 1 [pid 6037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 1 [pid 6037] write(4, "\x00\x00", 2) = 2 [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6036] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6038], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6038 [pid 6036] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 1 [pid 6037] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6038 attached ) = 0x20000000 [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6038] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6038] openat(AT_FDCWD, "", O_RDONLY [pid 6037] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6038] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 0 [pid 6037] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6037] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] exit_group(0 [pid 6038] <... futex resumed>) = ? [pid 6037] <... futex resumed>) = ? [pid 6036] <... exit_group resumed>) = ? [pid 6038] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./318/binderfs") = 0 [ 105.777191][ T6037] loop0: detected capacity change from 0 to 256 [ 105.786774][ T6037] exfat: Deprecated parameter 'utf8' [ 105.796572][ T6037] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./318/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./318/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6039 ./strace-static-x86_64: Process 6039 attached [pid 6039] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6039] chdir("./319") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6039] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6040 attached , parent_tid=[6040], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6040 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6040] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6040] munmap(0x7f2656609000, 131072) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] mkdir("./file2", 0777) = 0 [pid 6040] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6040] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./file2") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [pid 6040] close(4) = 0 [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... openat resumed>) = 4 [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] write(4, "\x00\x00", 2) = 2 [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6040] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... mmap resumed>) = 0x20000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6040] <... futex resumed>) = 0 [pid 6039] <... mmap resumed>) = 0x7f2656608000 [pid 6040] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6041 attached , parent_tid=[6041], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6041 [pid 6039] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6041] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6041] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6041] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 0 [pid 6040] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6040] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] exit_group(0) = ? [pid 6041] <... futex resumed>) = ? [pid 6041] +++ exited with 0 +++ [pid 6040] <... futex resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./319/binderfs") = 0 umount2("./319/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./319/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 105.893548][ T6040] loop0: detected capacity change from 0 to 256 [ 105.902425][ T6040] exfat: Deprecated parameter 'utf8' [ 105.912911][ T6040] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6042 ./strace-static-x86_64: Process 6042 attached [pid 6042] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6042] chdir("./320") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6042] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6042] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6043], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6043 [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6043 attached [pid 6043] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6043] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6043] munmap(0x7f2656609000, 131072) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./file2", 0777) = 0 [pid 6043] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6043] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./file2") = 0 [pid 6043] ioctl(4, LOOP_CLR_FD) = 0 [pid 6043] close(4) = 0 [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... futex resumed>) = 0 [pid 6043] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6042] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... openat resumed>) = 5 [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] write(4, "\x00\x00", 2 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... write resumed>) = 2 [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6043] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6043] <... mmap resumed>) = 0x20000000 [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] <... mmap resumed>) = 0x7f2656608000 [pid 6042] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6043] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... mprotect resumed>) = 0 [pid 6042] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6044], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6044 [pid 6042] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6044 attached [pid 6044] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6044] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6044] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6044] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6044] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6042] <... futex resumed>) = 1 [pid 6043] getdents64(-1, [pid 6042] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6043] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] exit_group(0 [pid 6043] <... futex resumed>) = ? [pid 6042] <... exit_group resumed>) = ? [pid 6043] +++ exited with 0 +++ [pid 6044] <... futex resumed>) = ? [pid 6044] +++ exited with 0 +++ [pid 6042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./320/binderfs") = 0 [ 105.989472][ T6043] loop0: detected capacity change from 0 to 256 [ 105.993840][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 105.998988][ T6043] exfat: Deprecated parameter 'utf8' [ 106.017520][ T6043] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./320/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./320/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6045 ./strace-static-x86_64: Process 6045 attached [pid 6045] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6045] chdir("./321") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6045] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6045] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6046 attached , parent_tid=[6046], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6046 [pid 6045] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6046] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6046] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6046] munmap(0x7f2656609000, 131072) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6046] close(3) = 0 [pid 6046] mkdir("./file2", 0777) = 0 [pid 6046] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6046] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./file2") = 0 [pid 6046] ioctl(4, LOOP_CLR_FD) = 0 [pid 6046] close(4) = 0 [pid 6046] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... futex resumed>) = 0 [pid 6046] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6046] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6045] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... openat resumed>) = 5 [pid 6046] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] write(4, "\x00\x00", 2) = 2 [pid 6046] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6045] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x7f26566289e0, 24 [pid 6045] <... clone resumed>, parent_tid=[6047], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6047 [pid 6045] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6047] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 6047] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... mmap resumed>) = 0x20000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] getdents64(6, [pid 6046] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6047] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6047] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] exit_group(0) = ? [pid 6046] <... futex resumed>) = ? [pid 6047] <... futex resumed>) = ? [pid 6046] +++ exited with 0 +++ [pid 6047] +++ exited with 0 +++ [pid 6045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./321/binderfs") = 0 [ 106.117696][ T6046] loop0: detected capacity change from 0 to 256 [ 106.127870][ T6046] exfat: Deprecated parameter 'utf8' [ 106.138950][ T6046] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./321/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./321/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6048 ./strace-static-x86_64: Process 6048 attached [pid 6048] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6048] chdir("./322") = 0 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6048] setpgid(0, 0) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6048] write(3, "1000", 4) = 4 [pid 6048] close(3) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6048] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6048] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6049], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6049 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6049 attached ) = 0 [pid 6048] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6049] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6049] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6049] munmap(0x7f2656609000, 131072) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] mkdir("./file2", 0777) = 0 [pid 6049] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6049] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./file2") = 0 [pid 6049] ioctl(4, LOOP_CLR_FD) = 0 [pid 6049] close(4) = 0 [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... futex resumed>) = 1 [pid 6049] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... futex resumed>) = 1 [pid 6049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... futex resumed>) = 1 [pid 6049] write(4, "\x00\x00", 2) = 2 [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6048] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6050], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6050 [pid 6048] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6050 attached [pid 6049] <... futex resumed>) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6048] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] set_robust_list(0x7f26566289e0, 24 [pid 6049] <... mmap resumed>) = 0x20000000 [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] <... set_robust_list resumed>) = 0 [pid 6050] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6050] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6050] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] getdents64(-1, [pid 6048] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6049] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] exit_group(0 [pid 6049] <... futex resumed>) = ? [pid 6048] <... exit_group resumed>) = ? [pid 6049] +++ exited with 0 +++ [pid 6050] +++ exited with 0 +++ [pid 6048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./322/binderfs") = 0 umount2("./322/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./322/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 106.228106][ T6049] loop0: detected capacity change from 0 to 256 [ 106.238761][ T6049] exfat: Deprecated parameter 'utf8' [ 106.248888][ T6049] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6051 ./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6051] chdir("./323") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6051] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6052], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6052 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6052] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6052] munmap(0x7f2656609000, 131072) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] close(3) = 0 [pid 6052] mkdir("./file2", 0777) = 0 [pid 6052] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./file2") = 0 [pid 6052] ioctl(4, LOOP_CLR_FD) = 0 [pid 6052] close(4) = 0 [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] write(4, "\x00\x00", 2) = 2 [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6051] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6053], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6053 [pid 6051] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6053 attached [pid 6053] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6053] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6053] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6053] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 0 [pid 6052] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6052] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] exit_group(0 [pid 6052] <... futex resumed>) = ? [pid 6051] <... exit_group resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6053] <... futex resumed>) = ? [pid 6053] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./323/binderfs") = 0 umount2("./323/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./323/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 106.343324][ T6052] loop0: detected capacity change from 0 to 256 [ 106.352065][ T6052] exfat: Deprecated parameter 'utf8' [ 106.361409][ T6052] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6054 ./strace-static-x86_64: Process 6054 attached [pid 6054] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6054] chdir("./324") = 0 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6054] setpgid(0, 0) = 0 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 6054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6054] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6054] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6055], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6055 [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6055] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6055] munmap(0x7f2656609000, 131072) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6055] close(3) = 0 [pid 6055] mkdir("./file2", 0777) = 0 [pid 6055] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6055] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6055] chdir("./file2") = 0 [pid 6055] ioctl(4, LOOP_CLR_FD) = 0 [pid 6055] close(4) = 0 [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... openat resumed>) = 4 [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6054] <... futex resumed>) = 0 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... openat resumed>) = 5 [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] write(4, "\x00\x00", 2) = 2 [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] <... futex resumed>) = 0 [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6054] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6054] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6056], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6056 [pid 6054] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6056] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6056] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6056] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] <... futex resumed>) = 0 [pid 6056] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6054] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... futex resumed>) = 0 [pid 6055] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6055] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6055] <... futex resumed>) = 1 [pid 6054] exit_group(0 [pid 6055] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6054] <... exit_group resumed>) = ? [pid 6055] <... futex resumed>) = ? [pid 6056] <... futex resumed>) = ? [pid 6056] +++ exited with 0 +++ [pid 6055] +++ exited with 0 +++ [pid 6054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./324/binderfs") = 0 [ 106.445130][ T6055] loop0: detected capacity change from 0 to 256 [ 106.454029][ T6055] exfat: Deprecated parameter 'utf8' [ 106.464580][ T6055] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./324/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./324/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6057 ./strace-static-x86_64: Process 6057 attached [pid 6057] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6057] chdir("./325") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6057] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6058], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6058 [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6058] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6058] munmap(0x7f2656609000, 131072) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6058] close(3) = 0 [pid 6058] mkdir("./file2", 0777) = 0 [pid 6058] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6058] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("./file2") = 0 [pid 6058] ioctl(4, LOOP_CLR_FD) = 0 [pid 6058] close(4) = 0 [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... openat resumed>) = 4 [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... openat resumed>) = 5 [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] write(4, "\x00\x00", 2 [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... write resumed>) = 2 [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6058] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6057] <... mmap resumed>) = 0x7f2656608000 [pid 6058] <... mmap resumed>) = 0x20000000 [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6059 attached , parent_tid=[6059], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6059 [pid 6059] set_robust_list(0x7f26566289e0, 24 [pid 6057] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6059] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6059] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6059] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 1 [pid 6059] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6058] getdents64(-1, [pid 6057] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6058] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] exit_group(0 [pid 6058] <... futex resumed>) = ? [pid 6057] <... exit_group resumed>) = ? [pid 6059] <... futex resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 6059] +++ exited with 0 +++ [pid 6057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./325/binderfs") = 0 [ 106.555858][ T6058] loop0: detected capacity change from 0 to 256 [ 106.575226][ T6058] exfat: Deprecated parameter 'utf8' [ 106.585250][ T6058] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./325/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./325/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached [pid 6060] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6060 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6060] chdir("./326") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6060] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6061], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6061 ./strace-static-x86_64: Process 6061 attached [pid 6061] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6061] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6060] <... futex resumed>) = 1 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6061] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6061] munmap(0x7f2656609000, 131072) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6061] close(3) = 0 [pid 6061] mkdir("./file2", 0777) = 0 [pid 6061] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./file2") = 0 [pid 6061] ioctl(4, LOOP_CLR_FD) = 0 [pid 6061] close(4) = 0 [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... futex resumed>) = 1 [pid 6061] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... futex resumed>) = 1 [pid 6061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... futex resumed>) = 1 [pid 6061] write(4, "\x00\x00", 2) = 2 [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6060] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6062], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6062 [pid 6060] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... futex resumed>) = 1 [pid 6061] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6062] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6062] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6062] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6062] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... futex resumed>) = 0 [pid 6061] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6061] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6060] exit_group(0) = ? [pid 6062] <... futex resumed>) = ? [pid 6062] +++ exited with 0 +++ [pid 6061] <... futex resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./326/binderfs") = 0 umount2("./326/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./326/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 106.685112][ T6061] loop0: detected capacity change from 0 to 256 [ 106.695226][ T6061] exfat: Deprecated parameter 'utf8' [ 106.705336][ T6061] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6063 ./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6063] chdir("./327") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6063] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6064 attached , parent_tid=[6064], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6064 [pid 6064] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6064] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6064] memfd_create("syzkaller", 0) = 3 [pid 6063] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6064] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6064] munmap(0x7f2656609000, 131072) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] mkdir("./file2", 0777) = 0 [pid 6064] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6064] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] chdir("./file2") = 0 [pid 6064] ioctl(4, LOOP_CLR_FD) = 0 [pid 6064] close(4) = 0 [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6063] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... openat resumed>) = 5 [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] write(4, "\x00\x00", 2) = 2 [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 1 [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6063] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6064] <... mmap resumed>) = 0x20000000 [pid 6063] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... mprotect resumed>) = 0 [pid 6064] <... futex resumed>) = 0 [pid 6063] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6064] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... clone resumed>, parent_tid=[6065], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6065 ./strace-static-x86_64: Process 6065 attached [pid 6063] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6065] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6065] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6065] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6065] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = 0 [pid 6063] <... futex resumed>) = 1 [pid 6064] getdents64(-1, [pid 6063] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6064] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 1 [pid 6063] exit_group(0 [pid 6065] <... futex resumed>) = ? [pid 6063] <... exit_group resumed>) = ? [pid 6065] +++ exited with 0 +++ [pid 6064] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./327/binderfs") = 0 umount2("./327/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 106.797908][ T6064] loop0: detected capacity change from 0 to 256 [ 106.806499][ T6064] exfat: Deprecated parameter 'utf8' [ 106.816968][ T6064] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./327/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./327/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6066 ./strace-static-x86_64: Process 6066 attached [pid 6066] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6066] chdir("./328") = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] setpgid(0, 0) = 0 [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6066] write(3, "1000", 4) = 4 [pid 6066] close(3) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6066] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6066] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6067], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6067 [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6067] memfd_create("syzkaller", 0) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6067] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6067] munmap(0x7f2656609000, 131072) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6067] close(3) = 0 [pid 6067] mkdir("./file2", 0777) = 0 [pid 6067] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6067] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./file2") = 0 [pid 6067] ioctl(4, LOOP_CLR_FD) = 0 [pid 6067] close(4) = 0 [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... openat resumed>) = 4 [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... openat resumed>) = 5 [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] write(4, "\x00\x00", 2) = 2 [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6066] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6068], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6068 [pid 6067] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6066] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... mmap resumed>) = 0x20000000 [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6068 attached [pid 6068] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6068] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6068] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6068] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = 1 [pid 6067] getdents64(-1, [pid 6066] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6067] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6066] exit_group(0) = ? [pid 6067] +++ exited with 0 +++ [pid 6068] <... futex resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./328/binderfs") = 0 umount2("./328/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./328/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.908048][ T6067] loop0: detected capacity change from 0 to 256 [ 106.917256][ T6067] exfat: Deprecated parameter 'utf8' [ 106.928629][ T6067] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./328/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached , child_tidptr=0x555556b3a6d0) = 6069 [pid 6069] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6069] chdir("./329") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6069] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6070 attached , parent_tid=[6070], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6070 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6070] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6070] munmap(0x7f2656609000, 131072) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] mkdir("./file2", 0777) = 0 [pid 6070] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6070] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] chdir("./file2") = 0 [pid 6070] ioctl(4, LOOP_CLR_FD) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] write(4, "\x00\x00", 2) = 2 [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6069] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6071], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6071 [pid 6069] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6071 attached [pid 6071] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6071] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6071] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 0 [pid 6070] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6070] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] exit_group(0) = ? [pid 6071] +++ exited with 0 +++ [pid 6070] <... futex resumed>) = ? [pid 6070] +++ exited with 0 +++ [pid 6069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./329/binderfs") = 0 umount2("./329/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./329/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 107.026407][ T6070] loop0: detected capacity change from 0 to 256 [ 107.036364][ T6070] exfat: Deprecated parameter 'utf8' [ 107.047699][ T6070] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./329/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x555556b3a6d0) = 6072 [pid 6072] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6072] chdir("./330") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6072] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6073 attached [pid 6073] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6073] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... clone resumed>, parent_tid=[6073], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6073 [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6073] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6073] munmap(0x7f2656609000, 131072) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] mkdir("./file2", 0777) = 0 [pid 6073] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./file2") = 0 [pid 6073] ioctl(4, LOOP_CLR_FD) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 1 [pid 6073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 0 [pid 6073] write(4, "\x00\x00", 2) = 2 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6072] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6074 attached , parent_tid=[6074], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6074 [pid 6074] set_robust_list(0x7f26566289e0, 24 [pid 6072] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6072] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 1 [pid 6073] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6074] openat(AT_FDCWD, "", O_RDONLY [pid 6073] <... mmap resumed>) = 0x20000000 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6074] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 0 [pid 6073] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6074] <... futex resumed>) = 1 [pid 6073] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6072] exit_group(0) = ? [pid 6073] <... futex resumed>) = ? [pid 6074] <... futex resumed>) = ? [pid 6073] +++ exited with 0 +++ [pid 6074] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./330/binderfs") = 0 umount2("./330/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 107.139147][ T6073] loop0: detected capacity change from 0 to 256 [ 107.147752][ T6073] exfat: Deprecated parameter 'utf8' [ 107.158911][ T6073] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./330/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./330/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6075 ./strace-static-x86_64: Process 6075 attached [pid 6075] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6075] chdir("./331") = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6075] setpgid(0, 0) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6075] write(3, "1000", 4) = 4 [pid 6075] close(3) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6075] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6075] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6075] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6076 attached [pid 6076] set_robust_list(0x7f265ea299e0, 24 [pid 6075] <... clone resumed>, parent_tid=[6076], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6076 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6076] memfd_create("syzkaller", 0) = 3 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6076] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6076] munmap(0x7f2656609000, 131072) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6076] close(3) = 0 [pid 6076] mkdir("./file2", 0777) = 0 [pid 6076] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6076] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6076] chdir("./file2") = 0 [pid 6076] ioctl(4, LOOP_CLR_FD) = 0 [pid 6076] close(4) = 0 [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... openat resumed>) = 5 [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] write(4, "\x00\x00", 2) = 2 [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6076] <... mmap resumed>) = 0x20000000 [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] <... mmap resumed>) = 0x7f2656608000 [pid 6075] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6076] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] <... mprotect resumed>) = 0 [pid 6075] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6077 attached , parent_tid=[6077], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6077 [pid 6077] set_robust_list(0x7f26566289e0, 24 [pid 6075] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... set_robust_list resumed>) = 0 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6077] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6077] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6077] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = 0 [pid 6075] <... futex resumed>) = 1 [pid 6076] getdents64(-1, [pid 6075] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6076] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] exit_group(0 [pid 6076] <... futex resumed>) = ? [pid 6075] <... exit_group resumed>) = ? [pid 6076] +++ exited with 0 +++ [pid 6077] <... futex resumed>) = ? [pid 6077] +++ exited with 0 +++ [pid 6075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./331/binderfs") = 0 umount2("./331/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 107.267961][ T6076] loop0: detected capacity change from 0 to 256 [ 107.277304][ T6076] exfat: Deprecated parameter 'utf8' [ 107.288619][ T6076] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./331/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6078 ./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6078] chdir("./332") = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6078] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6078] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6079 attached , parent_tid=[6079], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6079 [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6079] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6079] memfd_create("syzkaller", 0) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6079] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6079] munmap(0x7f2656609000, 131072) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6079] close(3) = 0 [pid 6079] mkdir("./file2", 0777) = 0 [pid 6079] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6079] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6079] chdir("./file2") = 0 [pid 6079] ioctl(4, LOOP_CLR_FD) = 0 [pid 6079] close(4) = 0 [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] <... futex resumed>) = 0 [pid 6079] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6078] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... openat resumed>) = 4 [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6079] write(4, "\x00\x00", 2 [pid 6078] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... write resumed>) = 2 [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] <... futex resumed>) = 0 [pid 6079] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6078] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... mmap resumed>) = 0x20000000 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6079] <... futex resumed>) = 0 [pid 6078] <... mmap resumed>) = 0x7f2656608000 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6080], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6080 [pid 6078] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6080 attached [pid 6080] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6080] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6080] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6079] getdents64(-1, [pid 6078] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6079] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] exit_group(0 [pid 6079] <... futex resumed>) = ? [pid 6078] <... exit_group resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6080] <... futex resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./332/binderfs") = 0 [ 107.383840][ T6079] loop0: detected capacity change from 0 to 256 [ 107.393686][ T6079] exfat: Deprecated parameter 'utf8' [ 107.403127][ T6079] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./332/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./332/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6081 ./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6081] chdir("./333") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6081] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6082], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6082 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6082 attached [pid 6082] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6082] memfd_create("syzkaller", 0) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6082] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6082] munmap(0x7f2656609000, 131072) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./file2", 0777) = 0 [pid 6082] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./file2") = 0 [pid 6082] ioctl(4, LOOP_CLR_FD) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] write(4, "\x00\x00", 2) = 2 [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6081] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6083], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6083 [pid 6081] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6083 attached [pid 6083] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6083] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6083] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 0 [pid 6082] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6082] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] exit_group(0) = ? [pid 6082] <... futex resumed>) = ? [pid 6082] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./333/binderfs") = 0 umount2("./333/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./333/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6084 ./strace-static-x86_64: Process 6084 attached [pid 6084] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6084] chdir("./334") = 0 [ 107.493173][ T6082] loop0: detected capacity change from 0 to 256 [ 107.501814][ T6082] exfat: Deprecated parameter 'utf8' [ 107.511704][ T6082] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6084] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6084] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6085], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6085 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6085 attached [pid 6085] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6085] memfd_create("syzkaller", 0) = 3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6085] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6085] munmap(0x7f2656609000, 131072) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6085] close(3) = 0 [pid 6085] mkdir("./file2", 0777) = 0 [pid 6085] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6085] chdir("./file2") = 0 [pid 6085] ioctl(4, LOOP_CLR_FD) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... futex resumed>) = 1 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... futex resumed>) = 1 [pid 6085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... futex resumed>) = 1 [pid 6085] write(4, "\x00\x00", 2) = 2 [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6085] <... futex resumed>) = 1 [pid 6085] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6084] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... mprotect resumed>) = 0 [pid 6084] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6086 attached , parent_tid=[6086], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6086 [pid 6086] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6086] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] <... futex resumed>) = 0 [pid 6086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6086] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6086] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6085] getdents64(-1, [pid 6084] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6085] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6085] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] exit_group(0 [pid 6085] <... futex resumed>) = ? [pid 6084] <... exit_group resumed>) = ? [pid 6085] +++ exited with 0 +++ [pid 6086] <... futex resumed>) = ? [pid 6086] +++ exited with 0 +++ [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./334/binderfs") = 0 umount2("./334/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./334/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.594471][ T6085] loop0: detected capacity change from 0 to 256 [ 107.603081][ T6085] exfat: Deprecated parameter 'utf8' [ 107.614353][ T6085] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./334/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6087 ./strace-static-x86_64: Process 6087 attached [pid 6087] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6087] chdir("./335") = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6087] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6088], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6088 ./strace-static-x86_64: Process 6088 attached [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6088] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6088] memfd_create("syzkaller", 0) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6088] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6088] munmap(0x7f2656609000, 131072) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6088] close(3) = 0 [pid 6088] mkdir("./file2", 0777) = 0 [pid 6088] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6088] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./file2") = 0 [pid 6088] ioctl(4, LOOP_CLR_FD) = 0 [pid 6088] close(4) = 0 [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] write(4, "\x00\x00", 2) = 2 [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6087] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6089], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6089 [pid 6087] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6089 attached ) = 0 [pid 6087] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6089] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6088] <... mmap resumed>) = 0x20000000 [pid 6089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6089] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 0 [pid 6088] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6088] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] exit_group(0) = ? [pid 6088] <... futex resumed>) = ? [pid 6088] +++ exited with 0 +++ [pid 6089] +++ exited with 0 +++ [pid 6087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./335/binderfs") = 0 [ 107.714318][ T6088] loop0: detected capacity change from 0 to 256 [ 107.723533][ T6088] exfat: Deprecated parameter 'utf8' [ 107.735396][ T6088] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./335/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./335/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6090 ./strace-static-x86_64: Process 6090 attached [pid 6090] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6090] chdir("./336") = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6090] setpgid(0, 0) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6090] write(3, "1000", 4) = 4 [pid 6090] close(3) = 0 [pid 6090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6090] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6091 attached , parent_tid=[6091], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6091 [pid 6091] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6091] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6091] memfd_create("syzkaller", 0) = 3 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6091] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6091] munmap(0x7f2656609000, 131072) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6091] close(3) = 0 [pid 6091] mkdir("./file2", 0777) = 0 [pid 6091] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6091] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6091] chdir("./file2") = 0 [pid 6091] ioctl(4, LOOP_CLR_FD) = 0 [pid 6091] close(4) = 0 [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... openat resumed>) = 4 [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... openat resumed>) = 5 [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 0 [pid 6090] <... futex resumed>) = 1 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] write(4, "\x00\x00", 2) = 2 [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6091] <... mmap resumed>) = 0x20000000 [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] <... mmap resumed>) = 0x7f2656608000 [pid 6091] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6092 attached , parent_tid=[6092], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6092 [pid 6092] set_robust_list(0x7f26566289e0, 24 [pid 6090] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6092] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6092] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6092] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6090] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6091] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] exit_group(0 [pid 6091] <... futex resumed>) = ? [pid 6090] <... exit_group resumed>) = ? [pid 6091] +++ exited with 0 +++ [pid 6092] <... futex resumed>) = ? [pid 6092] +++ exited with 0 +++ [pid 6090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./336/binderfs") = 0 umount2("./336/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./336/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 107.838967][ T6091] loop0: detected capacity change from 0 to 256 [ 107.847664][ T6091] exfat: Deprecated parameter 'utf8' [ 107.859080][ T6091] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6093 ./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6093] chdir("./337") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6093] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6094 attached , parent_tid=[6094], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6094 [pid 6094] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6094] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] <... futex resumed>) = 0 [pid 6093] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6094] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6094] munmap(0x7f2656609000, 131072) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] mkdir("./file2", 0777) = 0 [pid 6094] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./file2") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 1 [pid 6094] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 1 [pid 6094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] write(4, "\x00\x00", 2 [pid 6093] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... write resumed>) = 2 [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... mmap resumed>) = 0x20000000 [pid 6093] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6094] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... mmap resumed>) = 0x7f2656608000 [pid 6093] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6095 attached [pid 6095] set_robust_list(0x7f26566289e0, 24 [pid 6093] <... clone resumed>, parent_tid=[6095], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6095 [pid 6095] <... set_robust_list resumed>) = 0 [pid 6093] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6095] openat(AT_FDCWD, "", O_RDONLY [pid 6093] <... futex resumed>) = 0 [pid 6095] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6095] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] getdents64(-1, [pid 6093] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6094] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] exit_group(0 [pid 6094] <... futex resumed>) = ? [pid 6093] <... exit_group resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6095] <... futex resumed>) = ? [pid 6095] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./337/binderfs") = 0 umount2("./337/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./337/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 107.962579][ T6094] loop0: detected capacity change from 0 to 256 [ 107.972646][ T6094] exfat: Deprecated parameter 'utf8' [ 107.983955][ T6094] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6096 ./strace-static-x86_64: Process 6096 attached [pid 6096] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6096] chdir("./338") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6096] write(3, "1000", 4) = 4 [pid 6096] close(3) = 0 [pid 6096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6096] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6096] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6096] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6097], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6097 [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6097 attached [pid 6097] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6097] memfd_create("syzkaller", 0) = 3 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6097] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6097] munmap(0x7f2656609000, 131072) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6097] close(3) = 0 [pid 6097] mkdir("./file2", 0777) = 0 [pid 6097] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6097] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6097] chdir("./file2") = 0 [pid 6097] ioctl(4, LOOP_CLR_FD) = 0 [pid 6097] close(4) = 0 [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... futex resumed>) = 1 [pid 6097] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... futex resumed>) = 1 [pid 6097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] write(4, "\x00\x00", 2) = 2 [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6097] <... mmap resumed>) = 0x20000000 [pid 6096] <... mmap resumed>) = 0x7f2656608000 [pid 6096] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] <... mprotect resumed>) = 0 [pid 6097] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6098 attached , parent_tid=[6098], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6098 [pid 6098] set_robust_list(0x7f26566289e0, 24 [pid 6096] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] <... set_robust_list resumed>) = 0 [pid 6098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6098] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6098] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6098] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6097] getdents64(-1, [pid 6096] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6097] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6097] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] exit_group(0) = ? [pid 6098] <... futex resumed>) = ? [pid 6098] +++ exited with 0 +++ [pid 6097] <... futex resumed>) = ? [pid 6097] +++ exited with 0 +++ [pid 6096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./338/binderfs") = 0 [ 108.066828][ T6097] loop0: detected capacity change from 0 to 256 [ 108.075393][ T6097] exfat: Deprecated parameter 'utf8' [ 108.086672][ T6097] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./338/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./338/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6099 ./strace-static-x86_64: Process 6099 attached [pid 6099] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6099] chdir("./339") = 0 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6099] setpgid(0, 0) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6099] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6099] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6100], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6100 [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6100 attached [pid 6100] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6100] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6100] munmap(0x7f2656609000, 131072) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(3) = 0 [pid 6100] mkdir("./file2", 0777) = 0 [pid 6100] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6100] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./file2") = 0 [pid 6100] ioctl(4, LOOP_CLR_FD) = 0 [pid 6100] close(4) = 0 [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6100] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6099] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... openat resumed>) = 4 [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6099] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... openat resumed>) = 5 [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] write(4, "\x00\x00", 2 [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... write resumed>) = 2 [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6100] <... mmap resumed>) = 0x20000000 [pid 6099] <... mmap resumed>) = 0x7f2656608000 [pid 6099] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6101], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6101 [pid 6099] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6101] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6101] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 1 [pid 6100] getdents64(-1, [pid 6099] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6100] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] exit_group(0 [pid 6100] <... futex resumed>) = ? [pid 6099] <... exit_group resumed>) = ? [pid 6100] +++ exited with 0 +++ [pid 6101] <... futex resumed>) = ? [pid 6101] +++ exited with 0 +++ [pid 6099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./339/binderfs") = 0 [ 108.172345][ T6100] loop0: detected capacity change from 0 to 256 [ 108.177824][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 108.182208][ T6100] exfat: Deprecated parameter 'utf8' [ 108.199271][ T6100] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./339/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./339/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6102] chdir("./340") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6102] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6103 attached [pid 6103] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... clone resumed>, parent_tid=[6103], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6103 [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] <... futex resumed>) = 0 [pid 6103] memfd_create("syzkaller", 0) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6103] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6103] munmap(0x7f2656609000, 131072) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] mkdir("./file2", 0777) = 0 [pid 6103] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6103] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./file2") = 0 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6102] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... openat resumed>) = 4 [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6102] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... openat resumed>) = 5 [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] write(4, "\x00\x00", 2 [pid 6102] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... write resumed>) = 2 [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6102] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... mmap resumed>) = 0x20000000 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6103] <... futex resumed>) = 0 [pid 6102] <... mmap resumed>) = 0x7f2656608000 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6104], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6104 ./strace-static-x86_64: Process 6104 attached [pid 6102] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6104] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6104] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6104] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6104] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = 0 [pid 6102] <... futex resumed>) = 1 [pid 6103] getdents64(-1, [pid 6102] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6103] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] exit_group(0 [pid 6104] <... futex resumed>) = ? [pid 6103] <... futex resumed>) = ? [pid 6102] <... exit_group resumed>) = ? [pid 6104] +++ exited with 0 +++ [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./340/binderfs") = 0 umount2("./340/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./340/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 108.298873][ T6103] loop0: detected capacity change from 0 to 256 [ 108.309052][ T6103] exfat: Deprecated parameter 'utf8' [ 108.318323][ T6103] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./340/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6105 ./strace-static-x86_64: Process 6105 attached [pid 6105] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6105] chdir("./341") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6105] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6105] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6106], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6106 [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6106 attached [pid 6106] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6106] memfd_create("syzkaller", 0) = 3 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6106] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6106] munmap(0x7f2656609000, 131072) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6106] close(3) = 0 [pid 6106] mkdir("./file2", 0777) = 0 [pid 6106] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6106] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] chdir("./file2") = 0 [pid 6106] ioctl(4, LOOP_CLR_FD) = 0 [pid 6106] close(4) = 0 [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6105] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... openat resumed>) = 4 [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6106] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] write(4, "\x00\x00", 2) = 2 [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6106] <... mmap resumed>) = 0x20000000 [pid 6105] <... mmap resumed>) = 0x7f2656608000 [pid 6105] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... mprotect resumed>) = 0 [pid 6105] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6106] <... futex resumed>) = 0 [pid 6106] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] <... clone resumed>, parent_tid=[6107], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6107 [pid 6105] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6107 attached [pid 6107] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6107] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6107] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6106] getdents64(-1, [pid 6105] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6106] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 1 [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6107] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6106] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] exit_group(0 [pid 6106] <... futex resumed>) = ? [pid 6105] <... exit_group resumed>) = ? [pid 6106] +++ exited with 0 +++ [pid 6107] <... futex resumed>) = ? [pid 6107] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 108.401983][ T6106] loop0: detected capacity change from 0 to 256 [ 108.421368][ T6106] exfat: Deprecated parameter 'utf8' [ 108.431474][ T6106] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./341/binderfs") = 0 umount2("./341/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./341/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6108 ./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6108] chdir("./342") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6108] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6109 attached , parent_tid=[6109], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6109 [pid 6109] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6109] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6109] memfd_create("syzkaller", 0 [pid 6108] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6109] <... memfd_create resumed>) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6109] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6109] munmap(0x7f2656609000, 131072) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] mkdir("./file2", 0777) = 0 [pid 6109] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6109] chdir("./file2") = 0 [pid 6109] ioctl(4, LOOP_CLR_FD) = 0 [pid 6109] close(4) = 0 [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... openat resumed>) = 4 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... openat resumed>) = 5 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] write(4, "\x00\x00", 2 [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... write resumed>) = 2 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] <... futex resumed>) = 0 [pid 6109] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6108] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... mmap resumed>) = 0x20000000 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6109] <... futex resumed>) = 0 [pid 6108] <... mmap resumed>) = 0x7f2656608000 [pid 6109] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6110 attached [pid 6110] set_robust_list(0x7f26566289e0, 24 [pid 6108] <... clone resumed>, parent_tid=[6110], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6110 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6108] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6108] <... futex resumed>) = 0 [pid 6110] openat(AT_FDCWD, "", O_RDONLY [pid 6108] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6110] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6110] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = 1 [pid 6109] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6108] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] exit_group(0 [pid 6110] <... futex resumed>) = ? [pid 6109] <... futex resumed>) = ? [pid 6108] <... exit_group resumed>) = ? [pid 6109] +++ exited with 0 +++ [pid 6110] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./342/binderfs") = 0 umount2("./342/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./342/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 108.535173][ T6109] loop0: detected capacity change from 0 to 256 [ 108.544338][ T6109] exfat: Deprecated parameter 'utf8' [ 108.556054][ T6109] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6111 ./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6111] chdir("./343") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6111] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6112], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6112 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6112 attached [pid 6112] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6112] memfd_create("syzkaller", 0) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6112] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6112] munmap(0x7f2656609000, 131072) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6112] close(3) = 0 [pid 6112] mkdir("./file2", 0777) = 0 [pid 6112] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6112] chdir("./file2") = 0 [pid 6112] ioctl(4, LOOP_CLR_FD) = 0 [pid 6112] close(4) = 0 [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 1 [pid 6112] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 1 [pid 6112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 1 [pid 6112] write(4, "\x00\x00", 2) = 2 [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6111] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6113], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6113 [pid 6111] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 1 [pid 6112] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6113 attached [pid 6113] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6113] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6113] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6113] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 0 [pid 6112] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6112] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6111] exit_group(0) = ? [pid 6112] <... futex resumed>) = ? [pid 6112] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 6111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./343/binderfs") = 0 umount2("./343/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 108.633232][ T6112] loop0: detected capacity change from 0 to 256 [ 108.642981][ T6112] exfat: Deprecated parameter 'utf8' [ 108.653985][ T6112] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./343/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./343/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6114 ./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6114] chdir("./344") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6114] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6115 attached [pid 6115] set_robust_list(0x7f265ea299e0, 24 [pid 6114] <... clone resumed>, parent_tid=[6115], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6115 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6115] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6115] munmap(0x7f2656609000, 131072) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] mkdir("./file2", 0777) = 0 [pid 6115] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./file2") = 0 [pid 6115] ioctl(4, LOOP_CLR_FD) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... openat resumed>) = 4 [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [pid 6115] write(4, "\x00\x00", 2) = 2 [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6114] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6115] <... mmap resumed>) = 0x20000000 [pid 6114] <... mmap resumed>) = 0x7f2656608000 [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6115] <... futex resumed>) = 0 [pid 6114] <... mprotect resumed>) = 0 [pid 6115] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6116], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6116 ./strace-static-x86_64: Process 6116 attached [pid 6116] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6116] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6116] <... futex resumed>) = 0 [pid 6116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6116] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6116] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6116] <... futex resumed>) = 1 [pid 6116] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6115] <... futex resumed>) = 0 [pid 6115] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6115] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] exit_group(0) = ? [pid 6116] <... futex resumed>) = ? [pid 6116] +++ exited with 0 +++ [pid 6115] <... futex resumed>) = ? [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./344/binderfs") = 0 [ 108.768957][ T6115] loop0: detected capacity change from 0 to 256 [ 108.778975][ T6115] exfat: Deprecated parameter 'utf8' [ 108.790335][ T6115] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./344/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./344/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached [pid 6117] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6117] chdir("./345") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6117 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6117] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6118 attached [pid 6118] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] <... clone resumed>, parent_tid=[6118], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6118 [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] <... futex resumed>) = 0 [pid 6118] memfd_create("syzkaller", 0) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6118] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6118] munmap(0x7f2656609000, 131072) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] mkdir("./file2", 0777) = 0 [pid 6118] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6118] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./file2") = 0 [pid 6118] ioctl(4, LOOP_CLR_FD) = 0 [pid 6118] close(4) = 0 [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... openat resumed>) = 4 [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... openat resumed>) = 5 [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] write(4, "\x00\x00", 2 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... write resumed>) = 2 [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6117] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] <... mmap resumed>) = 0x20000000 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] <... mmap resumed>) = 0x7f2656608000 [pid 6117] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] <... mprotect resumed>) = 0 [pid 6117] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6119 attached , parent_tid=[6119], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6119 [pid 6119] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6119] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6119] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6119] openat(AT_FDCWD, "", O_RDONLY [pid 6117] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6119] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] <... futex resumed>) = 1 [pid 6119] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6118] <... futex resumed>) = 0 [pid 6118] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6118] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] exit_group(0 [pid 6118] <... futex resumed>) = ? [pid 6117] <... exit_group resumed>) = ? [pid 6119] <... futex resumed>) = ? [pid 6118] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ [pid 6117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./345/binderfs") = 0 [ 108.899183][ T6118] loop0: detected capacity change from 0 to 256 [ 108.908023][ T6118] exfat: Deprecated parameter 'utf8' [ 108.919485][ T6118] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./345/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./345/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6120 ./strace-static-x86_64: Process 6120 attached [pid 6120] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6120] chdir("./346") = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6120] write(3, "1000", 4) = 4 [pid 6120] close(3) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6120] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6121], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6121 [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6121 attached [pid 6121] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6121] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6121] munmap(0x7f2656609000, 131072) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] mkdir("./file2", 0777) = 0 [pid 6121] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6121] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./file2") = 0 [pid 6121] ioctl(4, LOOP_CLR_FD) = 0 [pid 6121] close(4) = 0 [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6121] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6120] <... futex resumed>) = 0 [pid 6121] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... openat resumed>) = 4 [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6121] <... futex resumed>) = 1 [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... openat resumed>) = 5 [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6121] <... futex resumed>) = 1 [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] write(4, "\x00\x00", 2 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... write resumed>) = 2 [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6121] <... futex resumed>) = 1 [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6120] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6121] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6120] <... mprotect resumed>) = 0 [pid 6120] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6122], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6122 [pid 6121] <... mmap resumed>) = 0x20000000 [pid 6120] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6122 attached [pid 6122] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6122] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6122] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 0 [pid 6121] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6121] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6122] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] exit_group(0) = ? [pid 6122] <... futex resumed>) = ? [pid 6121] <... futex resumed>) = ? [pid 6121] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ [pid 6120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.002091][ T6121] loop0: detected capacity change from 0 to 256 [ 109.007895][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 109.011444][ T6121] exfat: Deprecated parameter 'utf8' [ 109.031658][ T6121] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./346/binderfs") = 0 umount2("./346/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./346/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6123 ./strace-static-x86_64: Process 6123 attached [pid 6123] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6123] chdir("./347") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6123] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6123] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6124], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6124 ./strace-static-x86_64: Process 6124 attached [pid 6124] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6123] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6124] memfd_create("syzkaller", 0) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6124] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6124] munmap(0x7f2656609000, 131072) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6124] close(3) = 0 [pid 6124] mkdir("./file2", 0777) = 0 [pid 6124] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6124] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./file2") = 0 [pid 6124] ioctl(4, LOOP_CLR_FD) = 0 [pid 6124] close(4) = 0 [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... openat resumed>) = 5 [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] write(4, "\x00\x00", 2) = 2 [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6123] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... mmap resumed>) = 0x20000000 [pid 6123] <... futex resumed>) = 0 [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... mmap resumed>) = 0x7f2656608000 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6125], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6125 ./strace-static-x86_64: Process 6125 attached [pid 6123] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6125] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6125] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6125] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6125] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] getdents64(-1, [pid 6123] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6124] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6124] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] exit_group(0 [pid 6125] <... futex resumed>) = ? [pid 6124] <... futex resumed>) = ? [pid 6123] <... exit_group resumed>) = ? [pid 6125] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./347/binderfs") = 0 [ 109.143690][ T6124] loop0: detected capacity change from 0 to 256 [ 109.152706][ T6124] exfat: Deprecated parameter 'utf8' [ 109.164058][ T6124] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./347/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./347/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6126 ./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6126] chdir("./348") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6126] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6126] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6127 attached [pid 6127] set_robust_list(0x7f265ea299e0, 24 [pid 6126] <... clone resumed>, parent_tid=[6127], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6127 [pid 6127] <... set_robust_list resumed>) = 0 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] memfd_create("syzkaller", 0 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... memfd_create resumed>) = 3 [pid 6126] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6127] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6127] munmap(0x7f2656609000, 131072) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] mkdir("./file2", 0777) = 0 [pid 6127] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6127] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] chdir("./file2") = 0 [pid 6127] ioctl(4, LOOP_CLR_FD) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 1 [pid 6127] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 1 [pid 6127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... futex resumed>) = 1 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] write(4, "\x00\x00", 2) = 2 [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6126] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6128], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6128 [pid 6126] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 1 [pid 6127] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6128 attached [pid 6128] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6127] <... mmap resumed>) = 0x20000000 [pid 6128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6128] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 0 [pid 6127] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6127] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] exit_group(0) = ? [pid 6128] <... futex resumed>) = ? [pid 6128] +++ exited with 0 +++ [pid 6127] <... futex resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 6126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./348/binderfs") = 0 [ 109.276261][ T6127] loop0: detected capacity change from 0 to 256 [ 109.285455][ T6127] exfat: Deprecated parameter 'utf8' [ 109.296049][ T6127] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./348/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./348/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6129 ./strace-static-x86_64: Process 6129 attached [pid 6129] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6129] chdir("./349") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6129] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6130 attached [pid 6130] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6130] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... clone resumed>, parent_tid=[6130], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6130 [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6130] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6130] memfd_create("syzkaller", 0) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6130] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6130] munmap(0x7f2656609000, 131072) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6130] close(3) = 0 [pid 6130] mkdir("./file2", 0777) = 0 [pid 6130] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6130] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6130] chdir("./file2") = 0 [pid 6130] ioctl(4, LOOP_CLR_FD) = 0 [pid 6130] close(4) = 0 [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... openat resumed>) = 4 [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] write(4, "\x00\x00", 2) = 2 [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6129] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6131 attached , parent_tid=[6131], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6131 [pid 6131] set_robust_list(0x7f26566289e0, 24 [pid 6129] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6131] <... set_robust_list resumed>) = 0 [pid 6131] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6130] <... mmap resumed>) = 0x20000000 [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... openat resumed>) = 6 [pid 6131] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6130] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] getdents64(6, [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6130] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] exit_group(0 [pid 6131] <... futex resumed>) = ? [pid 6130] <... futex resumed>) = ? [pid 6129] <... exit_group resumed>) = ? [pid 6131] +++ exited with 0 +++ [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./349/binderfs") = 0 [ 109.391931][ T6130] loop0: detected capacity change from 0 to 256 [ 109.402129][ T6130] exfat: Deprecated parameter 'utf8' [ 109.411931][ T6130] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./349/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./349/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6132 ./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6132] chdir("./350") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6132] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6133], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6133 ./strace-static-x86_64: Process 6133 attached [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6133] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6133] memfd_create("syzkaller", 0) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6133] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6133] munmap(0x7f2656609000, 131072) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] mkdir("./file2", 0777) = 0 [pid 6133] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6133] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./file2") = 0 [pid 6133] ioctl(4, LOOP_CLR_FD) = 0 [pid 6133] close(4) = 0 [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... openat resumed>) = 5 [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] write(4, "\x00\x00", 2 [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] <... write resumed>) = 2 [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... futex resumed>) = 0 [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6133] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6133] <... mmap resumed>) = 0x20000000 [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6133] <... futex resumed>) = 0 [pid 6132] <... mprotect resumed>) = 0 [pid 6133] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6134 attached , parent_tid=[6134], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6134 [pid 6132] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] set_robust_list(0x7f26566289e0, 24 [pid 6132] <... futex resumed>) = 0 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6132] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6134] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6134] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... futex resumed>) = 1 [pid 6134] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6133] <... futex resumed>) = 0 [pid 6133] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6133] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] exit_group(0 [pid 6134] <... futex resumed>) = ? [pid 6132] <... exit_group resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6133] <... futex resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./350/binderfs") = 0 umount2("./350/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 109.523697][ T6133] loop0: detected capacity change from 0 to 256 [ 109.532516][ T6133] exfat: Deprecated parameter 'utf8' [ 109.543576][ T6133] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./350/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./350/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6135 ./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6135] chdir("./351") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6135] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6135] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6136 attached [pid 6136] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6136] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... clone resumed>, parent_tid=[6136], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6136 [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6135] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6136] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6136] munmap(0x7f2656609000, 131072) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6136] close(3) = 0 [pid 6136] mkdir("./file2", 0777) = 0 [pid 6136] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6136] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] chdir("./file2") = 0 [pid 6136] ioctl(4, LOOP_CLR_FD) = 0 [pid 6136] close(4) = 0 [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] <... futex resumed>) = 0 [pid 6136] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6135] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... openat resumed>) = 4 [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] <... futex resumed>) = 0 [pid 6136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6135] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... openat resumed>) = 5 [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] write(4, "\x00\x00", 2 [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... write resumed>) = 2 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... mmap resumed>) = 0x20000000 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6135] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6137 attached , parent_tid=[6137], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6137 [pid 6135] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6137] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6137] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6137] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6137] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6136] getdents64(-1, [pid 6135] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6136] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] exit_group(0 [pid 6137] <... futex resumed>) = ? [pid 6136] <... futex resumed>) = ? [pid 6135] <... exit_group resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 6135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./351/binderfs") = 0 umount2("./351/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 109.656752][ T6136] loop0: detected capacity change from 0 to 256 [ 109.665276][ T6136] exfat: Deprecated parameter 'utf8' [ 109.675256][ T6136] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./351/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./351/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6138 ./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6138] chdir("./352") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6138] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6139], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6139 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6139 attached [pid 6139] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6139] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6139] munmap(0x7f2656609000, 131072) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] mkdir("./file2", 0777) = 0 [pid 6139] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6139] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./file2") = 0 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... openat resumed>) = 4 [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... openat resumed>) = 5 [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] write(4, "\x00\x00", 2) = 2 [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6138] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6139] <... mmap resumed>) = 0x20000000 [pid 6138] <... mprotect resumed>) = 0 [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6139] <... futex resumed>) = 0 [pid 6138] <... clone resumed>, parent_tid=[6140], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6140 ./strace-static-x86_64: Process 6140 attached [pid 6139] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6140] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6140] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6140] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6138] <... futex resumed>) = 1 [pid 6138] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] <... futex resumed>) = 1 [pid 6139] getdents64(-1, [pid 6140] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6139] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] exit_group(0 [pid 6140] <... futex resumed>) = ? [pid 6139] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./352/binderfs") = 0 umount2("./352/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./352/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 109.777321][ T6139] loop0: detected capacity change from 0 to 256 [ 109.787327][ T6139] exfat: Deprecated parameter 'utf8' [ 109.796676][ T6139] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6141 ./strace-static-x86_64: Process 6141 attached [pid 6141] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6141] chdir("./353") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6141] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6142 attached [pid 6142] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6142] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... clone resumed>, parent_tid=[6142], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6142 [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6142] <... futex resumed>) = 0 [pid 6141] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6142] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6142] munmap(0x7f2656609000, 131072) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] mkdir("./file2", 0777) = 0 [pid 6142] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6142] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./file2") = 0 [pid 6142] ioctl(4, LOOP_CLR_FD) = 0 [pid 6142] close(4) = 0 [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... futex resumed>) = 0 [pid 6142] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6141] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... openat resumed>) = 4 [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... futex resumed>) = 0 [pid 6142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6141] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... openat resumed>) = 5 [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] write(4, "\x00\x00", 2 [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... write resumed>) = 2 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... futex resumed>) = 0 [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6142] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... mmap resumed>) = 0x20000000 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6142] <... futex resumed>) = 0 [pid 6142] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... mmap resumed>) = 0x7f2656608000 [pid 6141] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6143], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6143 [pid 6141] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6143 attached [pid 6143] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6143] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6143] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6143] <... futex resumed>) = 1 [pid 6143] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6141] <... futex resumed>) = 1 [pid 6142] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6142] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] exit_group(0 [pid 6142] <... futex resumed>) = ? [pid 6141] <... exit_group resumed>) = ? [pid 6142] +++ exited with 0 +++ [pid 6143] <... futex resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./353/binderfs") = 0 umount2("./353/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./353/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/file2") = 0 [ 109.895848][ T6142] loop0: detected capacity change from 0 to 256 [ 109.905678][ T6142] exfat: Deprecated parameter 'utf8' [ 109.915265][ T6142] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6144 ./strace-static-x86_64: Process 6144 attached [pid 6144] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6144] chdir("./354") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6144] write(3, "1000", 4) = 4 [pid 6144] close(3) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6144] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6145], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6145 ./strace-static-x86_64: Process 6145 attached [pid 6145] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6145] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6145] <... futex resumed>) = 0 [pid 6145] memfd_create("syzkaller", 0) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6145] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6145] munmap(0x7f2656609000, 131072) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] mkdir("./file2", 0777) = 0 [pid 6145] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6145] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./file2") = 0 [pid 6145] ioctl(4, LOOP_CLR_FD) = 0 [pid 6145] close(4) = 0 [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] write(4, "\x00\x00", 2) = 2 [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6145] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6144] <... mmap resumed>) = 0x7f2656608000 [pid 6144] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] <... mmap resumed>) = 0x20000000 [pid 6144] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... clone resumed>, parent_tid=[6146], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6146 [pid 6144] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6146 attached [pid 6145] <... futex resumed>) = 0 [pid 6146] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6146] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6145] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6146] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... futex resumed>) = 1 [pid 6146] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... futex resumed>) = 0 [pid 6145] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6145] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6145] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] exit_group(0 [pid 6145] <... futex resumed>) = ? [pid 6144] <... exit_group resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6146] <... futex resumed>) = ? [pid 6146] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./354/binderfs") = 0 [ 110.015208][ T6145] loop0: detected capacity change from 0 to 256 [ 110.025617][ T6145] exfat: Deprecated parameter 'utf8' [ 110.037272][ T6145] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./354/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./354/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6147 ./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6147] chdir("./355") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6147] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6148], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6148 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6148 attached [pid 6148] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6148] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6148] munmap(0x7f2656609000, 131072) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] mkdir("./file2", 0777) = 0 [ 110.119895][ T6148] loop0: detected capacity change from 0 to 256 [ 110.126430][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 110.126529][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 110.139747][ T6148] exfat: Deprecated parameter 'utf8' [ 110.155834][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [pid 6148] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6148] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] chdir("./file2") = 0 [pid 6148] ioctl(4, LOOP_CLR_FD) = 0 [pid 6148] close(4) = 0 [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] write(4, "\x00\x00", 2) = 2 [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6147] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6149], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6149 [pid 6147] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6149 attached [pid 6149] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6149] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6149] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6149] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 0 [pid 6147] <... futex resumed>) = 1 [pid 6148] getdents64(-1, [pid 6147] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6148] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] <... futex resumed>) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] exit_group(0 [pid 6148] <... futex resumed>) = ? [pid 6147] <... exit_group resumed>) = ? [pid 6149] <... futex resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6149] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./355/binderfs") = 0 [ 110.171038][ T6148] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./355/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./355/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6150 ./strace-static-x86_64: Process 6150 attached [pid 6150] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6150] chdir("./356") = 0 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6150] setpgid(0, 0) = 0 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6150] write(3, "1000", 4) = 4 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6150] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6150] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6150] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6151 attached , parent_tid=[6151], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6151 [pid 6151] set_robust_list(0x7f265ea299e0, 24 [pid 6150] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... set_robust_list resumed>) = 0 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6151] memfd_create("syzkaller", 0) = 3 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6151] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6151] munmap(0x7f2656609000, 131072) = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6151] close(3) = 0 [pid 6151] mkdir("./file2", 0777) = 0 [pid 6151] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6151] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6151] chdir("./file2") = 0 [pid 6151] ioctl(4, LOOP_CLR_FD) = 0 [pid 6151] close(4) = 0 [pid 6151] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... futex resumed>) = 1 [pid 6151] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6151] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... futex resumed>) = 1 [pid 6151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6151] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6151] write(4, "\x00\x00", 2 [pid 6150] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... write resumed>) = 2 [pid 6151] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6150] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6151] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6150] <... mprotect resumed>) = 0 [pid 6150] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6152 attached [pid 6152] set_robust_list(0x7f26566289e0, 24 [pid 6150] <... clone resumed>, parent_tid=[6152], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6152 [pid 6152] <... set_robust_list resumed>) = 0 [pid 6150] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] <... openat resumed>) = 6 [pid 6152] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = 0 [pid 6152] <... futex resumed>) = 1 [pid 6150] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] getdents64(6, [pid 6150] <... futex resumed>) = 0 [pid 6152] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6150] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6151] <... mmap resumed>) = 0x20000000 [pid 6151] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] exit_group(0) = ? [pid 6152] <... futex resumed>) = ? [pid 6152] +++ exited with 0 +++ [pid 6151] <... futex resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./356/binderfs") = 0 [ 110.276622][ T6151] loop0: detected capacity change from 0 to 256 [ 110.285600][ T6151] exfat: Deprecated parameter 'utf8' [ 110.297204][ T6151] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./356/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./356/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6153 ./strace-static-x86_64: Process 6153 attached [pid 6153] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6153] chdir("./357") = 0 [pid 6153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6153] setpgid(0, 0) = 0 [pid 6153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6153] write(3, "1000", 4) = 4 [pid 6153] close(3) = 0 [pid 6153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6153] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6153] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6154], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6154 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6154 attached [pid 6154] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6154] memfd_create("syzkaller", 0) = 3 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6154] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6154] munmap(0x7f2656609000, 131072) = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6154] close(3) = 0 [pid 6154] mkdir("./file2", 0777) = 0 [pid 6154] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6154] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6154] chdir("./file2") = 0 [pid 6154] ioctl(4, LOOP_CLR_FD) = 0 [pid 6154] close(4) = 0 [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6154] <... futex resumed>) = 1 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6154] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... openat resumed>) = 4 [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6154] <... futex resumed>) = 1 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6154] <... futex resumed>) = 1 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] write(4, "\x00\x00", 2) = 2 [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6154] <... futex resumed>) = 1 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6154] <... mmap resumed>) = 0x20000000 [pid 6153] <... mmap resumed>) = 0x7f2656608000 [pid 6153] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... mprotect resumed>) = 0 [pid 6154] <... futex resumed>) = 0 [pid 6154] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6155 attached , parent_tid=[6155], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6155 [pid 6153] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6155] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6155] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6155] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6155] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... futex resumed>) = 0 [pid 6154] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6154] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6153] exit_group(0) = ? [pid 6154] <... futex resumed>) = ? [pid 6154] +++ exited with 0 +++ [pid 6155] <... futex resumed>) = ? [pid 6155] +++ exited with 0 +++ [pid 6153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6153, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./357/binderfs") = 0 [ 110.374177][ T6154] loop0: detected capacity change from 0 to 256 [ 110.384767][ T6154] exfat: Deprecated parameter 'utf8' [ 110.395904][ T6154] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./357/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./357/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x555556b3a6d0) = 6156 [pid 6156] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6156] chdir("./358") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6156] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6156] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6157], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6157 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6157 attached [pid 6157] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6157] memfd_create("syzkaller", 0) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6157] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6157] munmap(0x7f2656609000, 131072) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] mkdir("./file2", 0777) = 0 [pid 6157] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6157] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] chdir("./file2") = 0 [pid 6157] ioctl(4, LOOP_CLR_FD) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] write(4, "\x00\x00", 2) = 2 [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6157] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6156] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] <... mmap resumed>) = 0x20000000 [pid 6156] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6158 attached [pid 6156] <... clone resumed>, parent_tid=[6158], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6158 [pid 6156] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] set_robust_list(0x7f26566289e0, 24 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] <... set_robust_list resumed>) = 0 [pid 6158] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6158] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6158] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] getdents64(-1, [pid 6156] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6157] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] exit_group(0 [pid 6157] <... futex resumed>) = ? [pid 6156] <... exit_group resumed>) = ? [pid 6157] +++ exited with 0 +++ [pid 6158] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./358/binderfs") = 0 [ 110.489311][ T6157] loop0: detected capacity change from 0 to 256 [ 110.499666][ T6157] exfat: Deprecated parameter 'utf8' [ 110.510653][ T6157] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./358/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./358/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6159 ./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6159] chdir("./359") = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6159] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6159] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6160 attached , parent_tid=[6160], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6160 [pid 6160] set_robust_list(0x7f265ea299e0, 24 [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6160] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6160] munmap(0x7f2656609000, 131072) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6160] close(3) = 0 [pid 6160] mkdir("./file2", 0777) = 0 [pid 6160] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6160] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./file2") = 0 [pid 6160] ioctl(4, LOOP_CLR_FD) = 0 [pid 6160] close(4) = 0 [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] <... futex resumed>) = 0 [pid 6160] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6159] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... openat resumed>) = 4 [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] <... futex resumed>) = 0 [pid 6160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6159] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... openat resumed>) = 5 [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] write(4, "\x00\x00", 2 [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... write resumed>) = 2 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... mmap resumed>) = 0x20000000 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6159] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6161], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6161 [pid 6159] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6161 attached [pid 6161] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6161] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6161] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6161] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 1 [pid 6160] getdents64(-1, [pid 6159] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6160] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] exit_group(0 [pid 6160] <... futex resumed>) = ? [pid 6159] <... exit_group resumed>) = ? [pid 6160] +++ exited with 0 +++ [pid 6161] <... futex resumed>) = ? [pid 6161] +++ exited with 0 +++ [pid 6159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./359/binderfs") = 0 umount2("./359/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./359/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 110.611857][ T6160] loop0: detected capacity change from 0 to 256 [ 110.620760][ T6160] exfat: Deprecated parameter 'utf8' [ 110.631284][ T6160] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6162 ./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6162] chdir("./360") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6162] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6163 attached , parent_tid=[6163], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6163 [pid 6163] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6163] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6163] <... futex resumed>) = 0 [pid 6163] memfd_create("syzkaller", 0 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] <... memfd_create resumed>) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6163] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6163] munmap(0x7f2656609000, 131072) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] mkdir("./file2", 0777) = 0 [pid 6163] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6163] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./file2") = 0 [pid 6163] ioctl(4, LOOP_CLR_FD) = 0 [pid 6163] close(4) = 0 [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... openat resumed>) = 4 [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] write(4, "\x00\x00", 2) = 2 [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6162] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6164 attached , parent_tid=[6164], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6164 [pid 6164] set_robust_list(0x7f26566289e0, 24 [pid 6162] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] <... set_robust_list resumed>) = 0 [pid 6163] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6164] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6163] <... mmap resumed>) = 0x20000000 [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] <... openat resumed>) = 6 [pid 6164] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6162] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] getdents64(6, [pid 6164] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6163] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6163] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] exit_group(0) = ? [pid 6163] +++ exited with 0 +++ [pid 6164] <... futex resumed>) = ? [pid 6164] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./360/binderfs") = 0 umount2("./360/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 110.725073][ T6163] loop0: detected capacity change from 0 to 256 [ 110.734880][ T6163] exfat: Deprecated parameter 'utf8' [ 110.746412][ T6163] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./360/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./360/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6165 ./strace-static-x86_64: Process 6165 attached [pid 6165] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6165] chdir("./361") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6165] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6166 attached , parent_tid=[6166], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6166 [pid 6166] set_robust_list(0x7f265ea299e0, 24 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... set_robust_list resumed>) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6166] memfd_create("syzkaller", 0 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6166] <... memfd_create resumed>) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6166] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6166] munmap(0x7f2656609000, 131072) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] mkdir("./file2", 0777) = 0 [pid 6166] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./file2") = 0 [pid 6166] ioctl(4, LOOP_CLR_FD) = 0 [pid 6166] close(4) = 0 [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] write(4, "\x00\x00", 2) = 2 [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6165] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6167], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6167 [pid 6165] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6166] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6167 attached [pid 6167] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6167] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6167] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6167] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 0 [pid 6166] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6166] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] exit_group(0) = ? [pid 6166] <... futex resumed>) = ? [pid 6166] +++ exited with 0 +++ [pid 6167] <... futex resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./361/binderfs") = 0 umount2("./361/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./361/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 [ 110.860739][ T6166] loop0: detected capacity change from 0 to 256 [ 110.869624][ T6166] exfat: Deprecated parameter 'utf8' [ 110.879892][ T6166] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6168 ./strace-static-x86_64: Process 6168 attached [pid 6168] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6168] chdir("./362") = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6168] setpgid(0, 0) = 0 [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6168] write(3, "1000", 4) = 4 [pid 6168] close(3) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6168] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6169 attached , parent_tid=[6169], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6169 [pid 6169] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6169] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6169] memfd_create("syzkaller", 0) = 3 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6169] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6169] munmap(0x7f2656609000, 131072) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6169] close(3) = 0 [pid 6169] mkdir("./file2", 0777) = 0 [pid 6169] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6169] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6169] chdir("./file2") = 0 [pid 6169] ioctl(4, LOOP_CLR_FD) = 0 [pid 6169] close(4) = 0 [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] write(4, "\x00\x00", 2) = 2 [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6169] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6168] <... mmap resumed>) = 0x7f2656608000 [pid 6168] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6169] <... mmap resumed>) = 0x20000000 [pid 6168] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... clone resumed>, parent_tid=[6170], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6170 [pid 6168] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6170 attached [pid 6170] set_robust_list(0x7f26566289e0, 24 [pid 6169] <... futex resumed>) = 0 [pid 6170] <... set_robust_list resumed>) = 0 [pid 6169] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6170] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6170] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6170] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6168] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6169] getdents64(-1, [pid 6170] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6169] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6169] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... futex resumed>) = 0 [pid 6168] exit_group(0 [pid 6169] <... futex resumed>) = ? [pid 6168] <... exit_group resumed>) = ? [pid 6169] +++ exited with 0 +++ [pid 6170] <... futex resumed>) = ? [pid 6170] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./362/binderfs") = 0 [ 110.968943][ T6169] loop0: detected capacity change from 0 to 256 [ 110.977833][ T6169] exfat: Deprecated parameter 'utf8' [ 110.988905][ T6169] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./362/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./362/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6171 ./strace-static-x86_64: Process 6171 attached [pid 6171] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6171] chdir("./363") = 0 [pid 6171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6171] setpgid(0, 0) = 0 [pid 6171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6171] write(3, "1000", 4) = 4 [pid 6171] close(3) = 0 [pid 6171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6171] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6171] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6171] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6172 attached , parent_tid=[6172], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6172 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6172] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6172] memfd_create("syzkaller", 0) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6172] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6172] munmap(0x7f2656609000, 131072) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] mkdir("./file2", 0777) = 0 [pid 6172] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6172] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./file2") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6172] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... openat resumed>) = 4 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... openat resumed>) = 5 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] write(4, "\x00\x00", 2 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... write resumed>) = 2 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... mmap resumed>) = 0x20000000 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6171] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6171] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6173], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6173 [pid 6171] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6173 attached [pid 6173] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6173] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6173] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6173] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = 1 [pid 6172] getdents64(-1, [pid 6171] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6172] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] <... futex resumed>) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] exit_group(0 [pid 6173] <... futex resumed>) = ? [pid 6172] <... futex resumed>) = ? [pid 6171] <... exit_group resumed>) = ? [pid 6172] +++ exited with 0 +++ [pid 6173] +++ exited with 0 +++ [pid 6171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6171, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./363/binderfs") = 0 [ 111.093583][ T6172] loop0: detected capacity change from 0 to 256 [ 111.103384][ T6172] exfat: Deprecated parameter 'utf8' [ 111.114845][ T6172] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./363/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./363/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6174 ./strace-static-x86_64: Process 6174 attached [pid 6174] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6174] chdir("./364") = 0 [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6174] setpgid(0, 0) = 0 [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6174] write(3, "1000", 4) = 4 [pid 6174] close(3) = 0 [pid 6174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6174] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6174] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6175], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6175 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6175 attached [pid 6175] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6175] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6175] munmap(0x7f2656609000, 131072) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6175] close(3) = 0 [pid 6175] mkdir("./file2", 0777) = 0 [pid 6175] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6175] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6175] chdir("./file2") = 0 [pid 6175] ioctl(4, LOOP_CLR_FD) = 0 [pid 6175] close(4) = 0 [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6174] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... openat resumed>) = 4 [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... openat resumed>) = 5 [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] write(4, "\x00\x00", 2 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... write resumed>) = 2 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6175] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... mmap resumed>) = 0x20000000 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6174] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6176 attached , parent_tid=[6176], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6176 [pid 6176] set_robust_list(0x7f26566289e0, 24 [pid 6174] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... set_robust_list resumed>) = 0 [pid 6176] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6176] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6176] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 6175] getdents64(-1, [pid 6174] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6175] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] exit_group(0 [pid 6175] <... futex resumed>) = ? [pid 6174] <... exit_group resumed>) = ? [pid 6175] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ [pid 6174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6174, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./364/binderfs") = 0 [ 111.204117][ T6175] loop0: detected capacity change from 0 to 256 [ 111.213963][ T6175] exfat: Deprecated parameter 'utf8' [ 111.223863][ T6175] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./364/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./364/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6177 ./strace-static-x86_64: Process 6177 attached [pid 6177] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6177] chdir("./365") = 0 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] setpgid(0, 0) = 0 [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6177] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6177] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6178], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6178 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6178] memfd_create("syzkaller", 0) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6178] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6178] munmap(0x7f2656609000, 131072) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] mkdir("./file2", 0777) = 0 [pid 6178] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6178] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] chdir("./file2") = 0 [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6178] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6178] write(4, "\x00\x00", 2) = 2 [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6177] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6179], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6179 [pid 6177] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6179 attached [pid 6178] <... futex resumed>) = 1 [pid 6178] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6179] set_robust_list(0x7f26566289e0, 24 [pid 6178] <... mmap resumed>) = 0x20000000 [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] <... set_robust_list resumed>) = 0 [pid 6179] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6179] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6179] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6178] getdents64(-1, [pid 6177] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6178] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6179] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] exit_group(0 [pid 6178] <... futex resumed>) = ? [pid 6177] <... exit_group resumed>) = ? [pid 6179] <... futex resumed>) = ? [pid 6178] +++ exited with 0 +++ [pid 6179] +++ exited with 0 +++ [pid 6177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6177, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./365/binderfs") = 0 umount2("./365/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./365/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 [ 111.311723][ T6178] loop0: detected capacity change from 0 to 256 [ 111.320871][ T6178] exfat: Deprecated parameter 'utf8' [ 111.330338][ T6178] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6180 ./strace-static-x86_64: Process 6180 attached [pid 6180] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6180] chdir("./366") = 0 [pid 6180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6180] setpgid(0, 0) = 0 [pid 6180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6180] write(3, "1000", 4) = 4 [pid 6180] close(3) = 0 [pid 6180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6180] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6180] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6180] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6181 attached [pid 6181] set_robust_list(0x7f265ea299e0, 24 [pid 6180] <... clone resumed>, parent_tid=[6181], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6181 [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... set_robust_list resumed>) = 0 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6181] memfd_create("syzkaller", 0) = 3 [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6181] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6181] munmap(0x7f2656609000, 131072) = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6181] close(3) = 0 [pid 6181] mkdir("./file2", 0777) = 0 [pid 6181] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6181] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6181] chdir("./file2") = 0 [pid 6181] ioctl(4, LOOP_CLR_FD) = 0 [pid 6181] close(4) = 0 [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6180] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... openat resumed>) = 4 [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6180] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... openat resumed>) = 5 [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6181] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6180] <... futex resumed>) = 0 [pid 6181] write(4, "\x00\x00", 2 [pid 6180] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... write resumed>) = 2 [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... mmap resumed>) = 0x20000000 [pid 6180] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... mmap resumed>) = 0x7f2656608000 [pid 6181] <... futex resumed>) = 0 [pid 6180] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6181] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] <... mprotect resumed>) = 0 [pid 6180] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6182 attached , parent_tid=[6182], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6182 [pid 6182] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6182] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] <... futex resumed>) = 0 [pid 6182] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6182] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6182] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = 0 [pid 6180] <... futex resumed>) = 1 [pid 6181] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6181] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6180] exit_group(0 [pid 6181] <... futex resumed>) = ? [pid 6180] <... exit_group resumed>) = ? [pid 6181] +++ exited with 0 +++ [pid 6182] <... futex resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6180, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./366/binderfs") = 0 [ 111.424913][ T6181] loop0: detected capacity change from 0 to 256 [ 111.433659][ T6181] exfat: Deprecated parameter 'utf8' [ 111.444915][ T6181] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./366/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./366/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6183 ./strace-static-x86_64: Process 6183 attached [pid 6183] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6183] chdir("./367") = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6183] write(3, "1000", 4) = 4 [pid 6183] close(3) = 0 [pid 6183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6183] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6183] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6184], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6184 [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6184 attached [pid 6184] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6184] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6184] munmap(0x7f2656609000, 131072) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] mkdir("./file2", 0777) = 0 [pid 6184] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6184] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./file2") = 0 [pid 6184] ioctl(4, LOOP_CLR_FD) = 0 [pid 6184] close(4) = 0 [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 1 [pid 6184] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6183] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 4 [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] <... futex resumed>) = 0 [pid 6184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6183] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 5 [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] write(4, "\x00\x00", 2 [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... write resumed>) = 2 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6184] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... mmap resumed>) = 0x20000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6183] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6185 attached , parent_tid=[6185], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6185 [pid 6183] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6185] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6185] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6185] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6185] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 1 [pid 6184] getdents64(-1, [pid 6183] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6184] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] exit_group(0 [pid 6185] <... futex resumed>) = ? [pid 6184] <... futex resumed>) = ? [pid 6183] <... exit_group resumed>) = ? [pid 6185] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [pid 6183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6183, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./367/binderfs") = 0 [ 111.542583][ T6184] loop0: detected capacity change from 0 to 256 [ 111.552453][ T6184] exfat: Deprecated parameter 'utf8' [ 111.562873][ T6184] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./367/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./367/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6186 ./strace-static-x86_64: Process 6186 attached [pid 6186] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6186] chdir("./368") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6186] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6187 attached [pid 6187] set_robust_list(0x7f265ea299e0, 24 [pid 6186] <... clone resumed>, parent_tid=[6187], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6187 [pid 6187] <... set_robust_list resumed>) = 0 [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] memfd_create("syzkaller", 0) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6187] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6187] munmap(0x7f2656609000, 131072) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6187] close(3) = 0 [pid 6187] mkdir("./file2", 0777) = 0 [pid 6187] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6187] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6187] chdir("./file2") = 0 [pid 6187] ioctl(4, LOOP_CLR_FD) = 0 [pid 6187] close(4) = 0 [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... openat resumed>) = 4 [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... futex resumed>) = 1 [pid 6187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... futex resumed>) = 0 [pid 6187] write(4, "\x00\x00", 2) = 2 [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6186] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6188 attached , parent_tid=[6188], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6188 [pid 6186] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... futex resumed>) = 1 [pid 6187] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6188] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6187] <... mmap resumed>) = 0x20000000 [pid 6188] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6188] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... futex resumed>) = 0 [pid 6187] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6187] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6186] exit_group(0) = ? [pid 6187] <... futex resumed>) = ? [pid 6187] +++ exited with 0 +++ [pid 6188] <... futex resumed>) = ? [pid 6188] +++ exited with 0 +++ [pid 6186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./368/binderfs") = 0 [ 111.666994][ T6187] loop0: detected capacity change from 0 to 256 [ 111.677482][ T6187] exfat: Deprecated parameter 'utf8' [ 111.688694][ T6187] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./368/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./368/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6189 ./strace-static-x86_64: Process 6189 attached [pid 6189] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6189] chdir("./369") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6189] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6190], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6190 ./strace-static-x86_64: Process 6190 attached [pid 6190] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6190] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6190] memfd_create("syzkaller", 0) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6190] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6190] munmap(0x7f2656609000, 131072) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6190] close(3) = 0 [pid 6190] mkdir("./file2", 0777) = 0 [pid 6190] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6190] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./file2") = 0 [pid 6190] ioctl(4, LOOP_CLR_FD) = 0 [pid 6190] close(4) = 0 [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... openat resumed>) = 4 [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 1 [pid 6190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 1 [pid 6190] write(4, "\x00\x00", 2) = 2 [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6189] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6191 attached , parent_tid=[6191], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6191 [pid 6189] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 1 [pid 6190] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6191] set_robust_list(0x7f26566289e0, 24 [pid 6190] <... mmap resumed>) = 0x20000000 [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] <... set_robust_list resumed>) = 0 [pid 6191] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6191] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6191] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 0 [pid 6190] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6190] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] exit_group(0) = ? [pid 6190] <... futex resumed>) = ? [pid 6190] +++ exited with 0 +++ [pid 6191] <... futex resumed>) = ? [pid 6191] +++ exited with 0 +++ [pid 6189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./369/binderfs") = 0 [ 111.809715][ T6190] loop0: detected capacity change from 0 to 256 [ 111.820215][ T6190] exfat: Deprecated parameter 'utf8' [ 111.830702][ T6190] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./369/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./369/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6192 ./strace-static-x86_64: Process 6192 attached [pid 6192] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6192] chdir("./370") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6192] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6193], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6193 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6193 attached [pid 6193] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6193] memfd_create("syzkaller", 0) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6193] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6193] munmap(0x7f2656609000, 131072) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6193] close(3) = 0 [pid 6193] mkdir("./file2", 0777) = 0 [pid 6193] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6193] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6193] chdir("./file2") = 0 [pid 6193] ioctl(4, LOOP_CLR_FD) = 0 [pid 6193] close(4) = 0 [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] write(4, "\x00\x00", 2) = 2 [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6192] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6194], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6194 [pid 6192] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6194 attached [pid 6194] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6194] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6194] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6194] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 0 [pid 6193] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6193] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] exit_group(0) = ? [pid 6193] <... futex resumed>) = ? [pid 6193] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 6192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./370/binderfs") = 0 umount2("./370/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./370/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 111.930198][ T6193] loop0: detected capacity change from 0 to 256 [ 111.939436][ T6193] exfat: Deprecated parameter 'utf8' [ 111.951554][ T6193] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6195 attached , child_tidptr=0x555556b3a6d0) = 6195 [pid 6195] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6195] chdir("./371") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6195] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6195] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6196 attached , parent_tid=[6196], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6196 [pid 6196] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] memfd_create("syzkaller", 0 [pid 6195] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6196] <... memfd_create resumed>) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6196] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6196] munmap(0x7f2656609000, 131072) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] mkdir("./file2", 0777) = 0 [pid 6196] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6196] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./file2") = 0 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [pid 6196] close(4) = 0 [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6196] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6195] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... openat resumed>) = 4 [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... openat resumed>) = 5 [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] write(4, "\x00\x00", 2 [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... write resumed>) = 2 [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6195] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6196] <... mmap resumed>) = 0x20000000 [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] <... mprotect resumed>) = 0 [pid 6196] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6197], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6197 [pid 6195] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6197 attached ) = 0 [pid 6197] set_robust_list(0x7f26566289e0, 24 [pid 6195] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... set_robust_list resumed>) = 0 [pid 6197] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6197] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6197] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6197] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = 0 [pid 6195] <... futex resumed>) = 1 [pid 6196] getdents64(-1, [pid 6195] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6196] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] exit_group(0) = ? [pid 6196] <... futex resumed>) = ? [pid 6197] <... futex resumed>) = ? [pid 6197] +++ exited with 0 +++ [pid 6196] +++ exited with 0 +++ [pid 6195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./371/binderfs") = 0 umount2("./371/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./371/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 [ 112.050799][ T6196] loop0: detected capacity change from 0 to 256 [ 112.059821][ T6196] exfat: Deprecated parameter 'utf8' [ 112.070202][ T6196] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6198 ./strace-static-x86_64: Process 6198 attached [pid 6198] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6198] chdir("./372") = 0 [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6198] write(3, "1000", 4) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6198] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6199 attached [pid 6199] set_robust_list(0x7f265ea299e0, 24 [pid 6198] <... clone resumed>, parent_tid=[6199], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6199 [pid 6199] <... set_robust_list resumed>) = 0 [pid 6199] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] <... futex resumed>) = 0 [pid 6199] memfd_create("syzkaller", 0 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6199] <... memfd_create resumed>) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6199] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6199] munmap(0x7f2656609000, 131072) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6199] close(3) = 0 [pid 6199] mkdir("./file2", 0777) = 0 [pid 6199] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6199] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6199] chdir("./file2") = 0 [pid 6199] ioctl(4, LOOP_CLR_FD) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 1 [pid 6199] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 1 [pid 6199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 1 [pid 6199] write(4, "\x00\x00", 2) = 2 [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6198] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6200 attached , parent_tid=[6200], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6200 [pid 6198] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] set_robust_list(0x7f26566289e0, 24 [pid 6199] <... futex resumed>) = 1 [pid 6199] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6200] <... set_robust_list resumed>) = 0 [pid 6199] <... mmap resumed>) = 0x20000000 [pid 6200] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6200] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 0 [pid 6199] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6199] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] exit_group(0) = ? [pid 6199] <... futex resumed>) = ? [pid 6199] +++ exited with 0 +++ [pid 6200] <... futex resumed>) = ? [pid 6200] +++ exited with 0 +++ [pid 6198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6198, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./372/binderfs") = 0 [ 112.164889][ T6199] loop0: detected capacity change from 0 to 256 [ 112.175734][ T6199] exfat: Deprecated parameter 'utf8' [ 112.186991][ T6199] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./372/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./372/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6201 ./strace-static-x86_64: Process 6201 attached [pid 6201] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6201] chdir("./373") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6201] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6201] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6202], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6202 [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6202 attached [pid 6202] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6202] memfd_create("syzkaller", 0) = 3 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6202] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6202] munmap(0x7f2656609000, 131072) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6202] close(3) = 0 [pid 6202] mkdir("./file2", 0777) = 0 [pid 6202] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6202] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6202] chdir("./file2") = 0 [pid 6202] ioctl(4, LOOP_CLR_FD) = 0 [pid 6202] close(4) = 0 [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... openat resumed>) = 5 [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6202] write(4, "\x00\x00", 2 [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... write resumed>) = 2 [pid 6201] <... futex resumed>) = 0 [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... futex resumed>) = 0 [pid 6201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] <... futex resumed>) = 0 [pid 6202] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6201] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6202] <... mmap resumed>) = 0x20000000 [pid 6201] <... mmap resumed>) = 0x7f2656608000 [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... mprotect resumed>) = 0 [pid 6201] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6203], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6203 [pid 6201] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6203 attached [pid 6203] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6203] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6203] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6203] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6203] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... futex resumed>) = 0 [pid 6202] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6202] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6201] exit_group(0) = ? [pid 6203] <... futex resumed>) = ? [pid 6203] +++ exited with 0 +++ [pid 6202] <... futex resumed>) = ? [ 112.267556][ T6202] loop0: detected capacity change from 0 to 256 [ 112.271603][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.276902][ T6202] exfat: Deprecated parameter 'utf8' [ 112.296040][ T6202] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6202] +++ exited with 0 +++ [pid 6201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./373/binderfs") = 0 umount2("./373/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./373/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6204 ./strace-static-x86_64: Process 6204 attached [pid 6204] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6204] chdir("./374") = 0 [pid 6204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6204] setpgid(0, 0) = 0 [pid 6204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6204] write(3, "1000", 4) = 4 [pid 6204] close(3) = 0 [pid 6204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6204] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6204] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6204] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6205 attached , parent_tid=[6205], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6205 [pid 6205] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6205] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6205] memfd_create("syzkaller", 0) = 3 [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6205] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6205] munmap(0x7f2656609000, 131072) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6205] close(3) = 0 [pid 6205] mkdir("./file2", 0777) = 0 [pid 6205] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6205] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6205] chdir("./file2") = 0 [pid 6205] ioctl(4, LOOP_CLR_FD) = 0 [pid 6205] close(4) = 0 [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6204] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... openat resumed>) = 5 [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6205] write(4, "\x00\x00", 2 [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... write resumed>) = 2 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... mmap resumed>) = 0x20000000 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6204] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6204] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6206], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6206 ./strace-static-x86_64: Process 6206 attached [pid 6204] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6206] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6206] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6206] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6206] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6205] getdents64(-1, [pid 6204] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6205] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] exit_group(0 [pid 6206] <... futex resumed>) = ? [pid 6205] <... futex resumed>) = ? [pid 6204] <... exit_group resumed>) = ? [pid 6206] +++ exited with 0 +++ [pid 6205] +++ exited with 0 +++ [pid 6204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6204, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./374/binderfs") = 0 [ 112.404273][ T6205] loop0: detected capacity change from 0 to 256 [ 112.414093][ T6205] exfat: Deprecated parameter 'utf8' [ 112.423722][ T6205] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./374/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./374/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6207 attached , child_tidptr=0x555556b3a6d0) = 6207 [pid 6207] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6207] chdir("./375") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6207] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6208 attached , parent_tid=[6208], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6208 [pid 6208] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6208] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6208] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6208] munmap(0x7f2656609000, 131072) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] mkdir("./file2", 0777) = 0 [pid 6208] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6208] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./file2") = 0 [pid 6208] ioctl(4, LOOP_CLR_FD) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... futex resumed>) = 1 [pid 6208] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... openat resumed>) = 5 [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] write(4, "\x00\x00", 2 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... write resumed>) = 2 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6208] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6208] <... mmap resumed>) = 0x20000000 [pid 6207] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] <... mprotect resumed>) = 0 [pid 6208] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6209 attached [pid 6209] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6209] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... clone resumed>, parent_tid=[6209], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6209 [pid 6207] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6209] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6209] openat(AT_FDCWD, "", O_RDONLY [pid 6207] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6209] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 0 [pid 6207] <... futex resumed>) = 1 [pid 6207] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6208] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] exit_group(0 [pid 6208] <... futex resumed>) = ? [pid 6207] <... exit_group resumed>) = ? [pid 6208] +++ exited with 0 +++ [pid 6209] <... futex resumed>) = ? [pid 6209] +++ exited with 0 +++ [pid 6207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./375/binderfs") = 0 [ 112.529982][ T6208] loop0: detected capacity change from 0 to 256 [ 112.538527][ T6208] exfat: Deprecated parameter 'utf8' [ 112.550185][ T6208] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./375/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./375/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6210 ./strace-static-x86_64: Process 6210 attached [pid 6210] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6210] chdir("./376") = 0 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6210] setpgid(0, 0) = 0 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6210] write(3, "1000", 4) = 4 [pid 6210] close(3) = 0 [pid 6210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6210] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6210] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6211], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6211 [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6211 attached [pid 6211] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6211] memfd_create("syzkaller", 0) = 3 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6211] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6211] munmap(0x7f2656609000, 131072) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6211] close(3) = 0 [pid 6211] mkdir("./file2", 0777) = 0 [pid 6211] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6211] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./file2") = 0 [pid 6211] ioctl(4, LOOP_CLR_FD) = 0 [pid 6211] close(4) = 0 [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... futex resumed>) = 0 [pid 6211] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... futex resumed>) = 1 [pid 6211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... futex resumed>) = 1 [pid 6211] write(4, "\x00\x00", 2) = 2 [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6210] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6210] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6212], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6212 [pid 6210] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... futex resumed>) = 1 [pid 6211] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6212 attached [pid 6212] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6212] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6212] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6212] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6212] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6210] <... futex resumed>) = 1 [pid 6210] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6211] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6211] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] exit_group(0) = ? [pid 6211] <... futex resumed>) = ? [pid 6211] +++ exited with 0 +++ [pid 6212] <... futex resumed>) = ? [pid 6212] +++ exited with 0 +++ [pid 6210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./376/binderfs") = 0 umount2("./376/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.632833][ T6211] loop0: detected capacity change from 0 to 256 [ 112.639503][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.643360][ T6211] exfat: Deprecated parameter 'utf8' [ 112.661120][ T6211] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./376/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./376/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6213 ./strace-static-x86_64: Process 6213 attached [pid 6213] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6213] chdir("./377") = 0 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6213] setpgid(0, 0) = 0 [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6213] write(3, "1000", 4) = 4 [pid 6213] close(3) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6213] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6213] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6214 attached , parent_tid=[6214], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6214 [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6214] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6214] memfd_create("syzkaller", 0) = 3 [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6214] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6214] munmap(0x7f2656609000, 131072) = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6214] close(3) = 0 [pid 6214] mkdir("./file2", 0777) = 0 [pid 6214] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6214] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6214] chdir("./file2") = 0 [pid 6214] ioctl(4, LOOP_CLR_FD) = 0 [pid 6214] close(4) = 0 [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] <... futex resumed>) = 0 [pid 6214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] <... openat resumed>) = 5 [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] write(4, "\x00\x00", 2 [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... write resumed>) = 2 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] <... futex resumed>) = 0 [pid 6213] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... mmap resumed>) = 0x20000000 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] <... mmap resumed>) = 0x7f2656608000 [pid 6213] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6213] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6215 attached [pid 6215] set_robust_list(0x7f26566289e0, 24 [pid 6213] <... clone resumed>, parent_tid=[6215], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6215 [pid 6213] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] <... set_robust_list resumed>) = 0 [pid 6215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6215] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6215] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] <... futex resumed>) = 0 [pid 6213] <... futex resumed>) = 1 [pid 6213] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6214] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] exit_group(0 [pid 6214] <... futex resumed>) = ? [pid 6213] <... exit_group resumed>) = ? [pid 6214] +++ exited with 0 +++ [pid 6215] <... futex resumed>) = ? [pid 6215] +++ exited with 0 +++ [pid 6213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6213, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./377/binderfs") = 0 [ 112.757449][ T6214] loop0: detected capacity change from 0 to 256 [ 112.768538][ T6214] exfat: Deprecated parameter 'utf8' [ 112.779274][ T6214] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./377/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./377/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6216 ./strace-static-x86_64: Process 6216 attached [pid 6216] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6216] chdir("./378") = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6216] setpgid(0, 0) = 0 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6216] write(3, "1000", 4) = 4 [pid 6216] close(3) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6216] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6216] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6217], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6217 ./strace-static-x86_64: Process 6217 attached [pid 6217] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6217] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6217] <... futex resumed>) = 0 [pid 6216] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] memfd_create("syzkaller", 0) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6217] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6217] munmap(0x7f2656609000, 131072) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6217] close(3) = 0 [pid 6217] mkdir("./file2", 0777) = 0 [pid 6217] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6217] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6217] chdir("./file2") = 0 [pid 6217] ioctl(4, LOOP_CLR_FD) = 0 [pid 6217] close(4) = 0 [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 1 [pid 6217] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 1 [pid 6217] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 1 [pid 6217] write(4, "\x00\x00", 2) = 2 [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6216] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6217] <... futex resumed>) = 1 [pid 6216] <... mprotect resumed>) = 0 [pid 6217] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6216] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6218 attached [pid 6217] <... mmap resumed>) = 0x20000000 [pid 6216] <... clone resumed>, parent_tid=[6218], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6218 [pid 6216] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 0 [pid 6217] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6218] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6218] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6218] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 1 [pid 6217] getdents64(-1, [pid 6216] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6217] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] exit_group(0 [pid 6218] <... futex resumed>) = ? [pid 6217] <... futex resumed>) = ? [pid 6216] <... exit_group resumed>) = ? [pid 6218] +++ exited with 0 +++ [pid 6217] +++ exited with 0 +++ [pid 6216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./378/binderfs") = 0 [ 112.887915][ T6217] loop0: detected capacity change from 0 to 256 [ 112.896909][ T6217] exfat: Deprecated parameter 'utf8' [ 112.907090][ T6217] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./378/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./378/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6219 ./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6219] chdir("./379") = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "1000", 4) = 4 [pid 6219] close(3) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6219] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6220 attached , parent_tid=[6220], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6220 [pid 6220] set_robust_list(0x7f265ea299e0, 24 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... set_robust_list resumed>) = 0 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] memfd_create("syzkaller", 0) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6220] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6220] munmap(0x7f2656609000, 131072) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6220] close(3) = 0 [pid 6220] mkdir("./file2", 0777) = 0 [pid 6220] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6220] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6220] chdir("./file2") = 0 [pid 6220] ioctl(4, LOOP_CLR_FD) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] write(4, "\x00\x00", 2) = 2 [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6219] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6221], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6221 [pid 6219] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6221 attached [pid 6219] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6221] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6221] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6220] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6220] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6221] <... openat resumed>) = 6 [pid 6221] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6219] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] getdents64(6, [pid 6221] <... futex resumed>) = 1 [pid 6221] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6220] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] exit_group(0 [pid 6221] <... futex resumed>) = ? [pid 6219] <... exit_group resumed>) = ? [pid 6220] <... futex resumed>) = ? [pid 6221] +++ exited with 0 +++ [pid 6220] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 113.013628][ T6220] loop0: detected capacity change from 0 to 256 [ 113.022951][ T6220] exfat: Deprecated parameter 'utf8' [ 113.032269][ T6220] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./379/binderfs") = 0 umount2("./379/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./379/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6222 ./strace-static-x86_64: Process 6222 attached [pid 6222] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6222] chdir("./380") = 0 [pid 6222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6222] setpgid(0, 0) = 0 [pid 6222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6222] write(3, "1000", 4) = 4 [pid 6222] close(3) = 0 [pid 6222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6222] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6223], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6223 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6223 attached [pid 6223] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6223] memfd_create("syzkaller", 0) = 3 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6223] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6223] munmap(0x7f2656609000, 131072) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6223] close(3) = 0 [pid 6223] mkdir("./file2", 0777) = 0 [pid 6223] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6223] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6223] chdir("./file2") = 0 [pid 6223] ioctl(4, LOOP_CLR_FD) = 0 [pid 6223] close(4) = 0 [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... openat resumed>) = 4 [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6223] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... openat resumed>) = 5 [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6223] write(4, "\x00\x00", 2 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] <... write resumed>) = 2 [pid 6222] <... futex resumed>) = 0 [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... futex resumed>) = 0 [pid 6222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6223] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6223] <... mmap resumed>) = 0x20000000 [pid 6222] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6223] <... futex resumed>) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6223] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] <... mmap resumed>) = 0x7f2656608000 [pid 6222] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6224], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6224 [pid 6222] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6224 attached ) = 0 [pid 6224] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6222] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6224] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6224] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... futex resumed>) = 0 [pid 6224] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6223] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6223] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6222] exit_group(0) = ? [pid 6224] <... futex resumed>) = ? [pid 6223] +++ exited with 0 +++ [pid 6224] +++ exited with 0 +++ [pid 6222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6222, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./380/binderfs") = 0 [ 113.126501][ T6223] loop0: detected capacity change from 0 to 256 [ 113.130232][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 113.135699][ T6223] exfat: Deprecated parameter 'utf8' [ 113.153321][ T6223] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./380/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./380/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6225 ./strace-static-x86_64: Process 6225 attached [pid 6225] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6225] chdir("./381") = 0 [pid 6225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6225] setpgid(0, 0) = 0 [pid 6225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6225] write(3, "1000", 4) = 4 [pid 6225] close(3) = 0 [pid 6225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6225] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6226 attached [pid 6226] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... clone resumed>, parent_tid=[6226], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6226 [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] <... futex resumed>) = 0 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6226] memfd_create("syzkaller", 0) = 3 [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6226] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6226] munmap(0x7f2656609000, 131072) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6226] close(3) = 0 [pid 6226] mkdir("./file2", 0777) = 0 [pid 6226] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6226] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6226] chdir("./file2") = 0 [pid 6226] ioctl(4, LOOP_CLR_FD) = 0 [pid 6226] close(4) = 0 [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6225] <... futex resumed>) = 1 [pid 6226] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6225] <... futex resumed>) = 1 [pid 6226] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6225] <... futex resumed>) = 1 [pid 6226] write(4, "\x00\x00", 2 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... write resumed>) = 2 [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] <... futex resumed>) = 0 [pid 6226] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6225] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... mmap resumed>) = 0x20000000 [pid 6225] <... futex resumed>) = 0 [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6226] <... futex resumed>) = 0 [pid 6225] <... mmap resumed>) = 0x7f2656608000 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6227 attached , parent_tid=[6227], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6227 [pid 6225] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6227] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6227] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6227] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] <... futex resumed>) = 0 [pid 6225] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6226] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6226] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] exit_group(0) = ? [pid 6226] <... futex resumed>) = ? [pid 6226] +++ exited with 0 +++ [pid 6227] +++ exited with 0 +++ [pid 6225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6225, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./381/binderfs") = 0 umount2("./381/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 113.265457][ T6226] loop0: detected capacity change from 0 to 256 [ 113.274044][ T6226] exfat: Deprecated parameter 'utf8' [ 113.283367][ T6226] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./381/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6228 ./strace-static-x86_64: Process 6228 attached [pid 6228] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6228] chdir("./382") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6228] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6229], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6229 ./strace-static-x86_64: Process 6229 attached [pid 6229] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6229] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] memfd_create("syzkaller", 0) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6229] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6229] munmap(0x7f2656609000, 131072) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] mkdir("./file2", 0777) = 0 [pid 6229] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6229] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./file2") = 0 [pid 6229] ioctl(4, LOOP_CLR_FD) = 0 [pid 6229] close(4) = 0 [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... openat resumed>) = 4 [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6229] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... openat resumed>) = 5 [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] write(4, "\x00\x00", 2) = 2 [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] <... futex resumed>) = 0 [pid 6229] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6228] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... mmap resumed>) = 0x20000000 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... mmap resumed>) = 0x7f2656608000 [pid 6229] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6230 attached [pid 6230] set_robust_list(0x7f26566289e0, 24 [pid 6228] <... clone resumed>, parent_tid=[6230], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6230 [pid 6230] <... set_robust_list resumed>) = 0 [pid 6228] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6228] <... futex resumed>) = 0 [pid 6230] openat(AT_FDCWD, "", O_RDONLY [pid 6228] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6230] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6230] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 1 [pid 6229] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6228] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] exit_group(0 [pid 6230] <... futex resumed>) = ? [pid 6228] <... exit_group resumed>) = ? [pid 6230] +++ exited with 0 +++ [pid 6229] <... futex resumed>) = ? [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./382/binderfs") = 0 [ 113.397021][ T6229] loop0: detected capacity change from 0 to 256 [ 113.406970][ T6229] exfat: Deprecated parameter 'utf8' [ 113.416757][ T6229] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./382/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./382/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6231 attached [pid 6231] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6231] chdir("./383") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6231] write(3, "1000", 4) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6231] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6231] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6232], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6232 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6231 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6232] memfd_create("syzkaller", 0) = 3 [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6232] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6232] munmap(0x7f2656609000, 131072) = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6232] close(3) = 0 [pid 6232] mkdir("./file2", 0777) = 0 [pid 6232] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6232] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6232] chdir("./file2") = 0 [pid 6232] ioctl(4, LOOP_CLR_FD) = 0 [pid 6232] close(4) = 0 [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] <... openat resumed>) = 4 [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] write(4, "\x00\x00", 2) = 2 [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6231] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6231] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6233], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6233 [pid 6231] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6233 attached [pid 6233] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6233] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6233] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6233] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6231] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] getdents64(-1, [pid 6233] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6232] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6231] exit_group(0) = ? [pid 6233] <... futex resumed>) = ? [pid 6233] +++ exited with 0 +++ [pid 6232] +++ exited with 0 +++ [pid 6231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./383/binderfs") = 0 [ 113.513717][ T6232] loop0: detected capacity change from 0 to 256 [ 113.522432][ T6232] exfat: Deprecated parameter 'utf8' [ 113.533951][ T6232] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./383/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./383/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6234 ./strace-static-x86_64: Process 6234 attached [pid 6234] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6234] chdir("./384") = 0 [pid 6234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6234] setpgid(0, 0) = 0 [pid 6234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6234] write(3, "1000", 4) = 4 [pid 6234] close(3) = 0 [pid 6234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6234] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6234] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6235 attached , parent_tid=[6235], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6235 [pid 6235] set_robust_list(0x7f265ea299e0, 24 [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... set_robust_list resumed>) = 0 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6235] memfd_create("syzkaller", 0) = 3 [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6235] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6235] munmap(0x7f2656609000, 131072) = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6235] close(3) = 0 [pid 6235] mkdir("./file2", 0777) = 0 [pid 6235] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6235] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6235] chdir("./file2") = 0 [pid 6235] ioctl(4, LOOP_CLR_FD) = 0 [pid 6235] close(4) = 0 [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6235] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6234] <... futex resumed>) = 0 [pid 6235] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] <... openat resumed>) = 4 [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6235] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6234] <... futex resumed>) = 0 [pid 6235] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... futex resumed>) = 0 [pid 6234] <... futex resumed>) = 1 [pid 6235] write(4, "\x00\x00", 2 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] <... write resumed>) = 2 [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6235] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... mmap resumed>) = 0x20000000 [pid 6234] <... futex resumed>) = 0 [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... futex resumed>) = 0 [pid 6234] <... futex resumed>) = 0 [pid 6235] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6234] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6234] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6236 attached , parent_tid=[6236], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6236 [pid 6234] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6236] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6236] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6236] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] <... futex resumed>) = 0 [pid 6235] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6235] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6234] exit_group(0) = ? [pid 6235] <... futex resumed>) = ? [pid 6235] +++ exited with 0 +++ [pid 6236] <... futex resumed>) = ? [pid 6236] +++ exited with 0 +++ [pid 6234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6234, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 113.637025][ T6235] loop0: detected capacity change from 0 to 256 [ 113.647770][ T6235] exfat: Deprecated parameter 'utf8' [ 113.658457][ T6235] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./384/binderfs") = 0 umount2("./384/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./384/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6237 ./strace-static-x86_64: Process 6237 attached [pid 6237] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6237] chdir("./385") = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6237] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6237] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6238 attached , parent_tid=[6238], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6238 [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6238] memfd_create("syzkaller", 0) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6238] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6238] munmap(0x7f2656609000, 131072) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6238] close(3) = 0 [pid 6238] mkdir("./file2", 0777) = 0 [pid 6238] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6238] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6238] chdir("./file2") = 0 [pid 6238] ioctl(4, LOOP_CLR_FD) = 0 [pid 6238] close(4) = 0 [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... futex resumed>) = 0 [pid 6238] <... futex resumed>) = 1 [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... openat resumed>) = 4 [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... futex resumed>) = 0 [pid 6238] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6238] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6237] <... futex resumed>) = 0 [pid 6238] write(4, "\x00\x00", 2 [pid 6237] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... write resumed>) = 2 [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6238] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... mmap resumed>) = 0x20000000 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] <... mmap resumed>) = 0x7f2656608000 [pid 6237] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6239], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6239 [pid 6237] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6239 attached [pid 6239] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6239] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6239] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6239] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = 0 [pid 6237] <... futex resumed>) = 1 [pid 6238] getdents64(-1, [pid 6237] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6238] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6239] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] exit_group(0 [pid 6238] <... futex resumed>) = ? [pid 6237] <... exit_group resumed>) = ? [pid 6239] <... futex resumed>) = ? [pid 6238] +++ exited with 0 +++ [pid 6239] +++ exited with 0 +++ [pid 6237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./385/binderfs") = 0 [ 113.775041][ T6238] loop0: detected capacity change from 0 to 256 [ 113.785506][ T6238] exfat: Deprecated parameter 'utf8' [ 113.795902][ T6238] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./385/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./385/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6240 ./strace-static-x86_64: Process 6240 attached [pid 6240] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6240] chdir("./386") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6240] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6240] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6241 attached , parent_tid=[6241], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6241 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6241] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6241] memfd_create("syzkaller", 0) = 3 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6241] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6241] munmap(0x7f2656609000, 131072) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6241] close(3) = 0 [pid 6241] mkdir("./file2", 0777) = 0 [pid 6241] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6241] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6241] chdir("./file2") = 0 [pid 6241] ioctl(4, LOOP_CLR_FD) = 0 [pid 6241] close(4) = 0 [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... futex resumed>) = 1 [pid 6241] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] write(4, "\x00\x00", 2) = 2 [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6240] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6240] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6242 attached , parent_tid=[6242], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6242 [pid 6242] set_robust_list(0x7f26566289e0, 24 [pid 6240] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... futex resumed>) = 1 [pid 6242] <... set_robust_list resumed>) = 0 [pid 6241] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6242] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6241] <... mmap resumed>) = 0x20000000 [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... futex resumed>) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6241] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6240] exit_group(0 [pid 6242] <... futex resumed>) = ? [pid 6240] <... exit_group resumed>) = ? [pid 6242] +++ exited with 0 +++ [pid 6241] +++ exited with 0 +++ [pid 6240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./386/binderfs") = 0 [ 113.881876][ T6241] loop0: detected capacity change from 0 to 256 [ 113.890604][ T6241] exfat: Deprecated parameter 'utf8' [ 113.901283][ T6241] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./386/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./386/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6243 attached [pid 6243] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6243 [pid 6243] <... set_robust_list resumed>) = 0 [pid 6243] chdir("./387") = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] setpgid(0, 0) = 0 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6243] write(3, "1000", 4) = 4 [pid 6243] close(3) = 0 [pid 6243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6243] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6243] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6244], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6244 [pid 6243] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6244 attached [pid 6244] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6244] memfd_create("syzkaller", 0) = 3 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6244] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6244] munmap(0x7f2656609000, 131072) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6244] close(3) = 0 [pid 6244] mkdir("./file2", 0777) = 0 [pid 6244] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6244] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./file2") = 0 [pid 6244] ioctl(4, LOOP_CLR_FD) = 0 [pid 6244] close(4) = 0 [pid 6244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 1 [pid 6244] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] write(4, "\x00\x00", 2) = 2 [pid 6244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6244] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6243] <... mmap resumed>) = 0x7f2656608000 [pid 6243] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6245], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6245 ./strace-static-x86_64: Process 6245 attached [pid 6244] <... mmap resumed>) = 0x20000000 [pid 6243] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6245] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6245] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6245] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] <... futex resumed>) = 1 [pid 6245] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6244] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] exit_group(0) = ? [pid 6244] <... futex resumed>) = ? [pid 6245] <... futex resumed>) = ? [pid 6245] +++ exited with 0 +++ [pid 6244] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./387/binderfs") = 0 [ 114.012626][ T6244] loop0: detected capacity change from 0 to 256 [ 114.021544][ T6244] exfat: Deprecated parameter 'utf8' [ 114.033091][ T6244] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./387/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./387/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6246 ./strace-static-x86_64: Process 6246 attached [pid 6246] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6246] chdir("./388") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6246] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6247], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6247 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6247 attached [pid 6247] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6247] memfd_create("syzkaller", 0) = 3 [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6247] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6247] munmap(0x7f2656609000, 131072) = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6247] close(3) = 0 [pid 6247] mkdir("./file2", 0777) = 0 [pid 6247] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6247] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6247] chdir("./file2") = 0 [pid 6247] ioctl(4, LOOP_CLR_FD) = 0 [pid 6247] close(4) = 0 [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... futex resumed>) = 1 [pid 6247] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... futex resumed>) = 1 [pid 6247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... futex resumed>) = 1 [pid 6247] write(4, "\x00\x00", 2) = 2 [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6246] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6248], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6248 [pid 6246] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... futex resumed>) = 1 [pid 6247] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6247] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6248 attached [pid 6248] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6248] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6248] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6248] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6246] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6248] <... futex resumed>) = 1 [pid 6247] <... futex resumed>) = 0 [pid 6248] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6247] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6247] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] exit_group(0 [pid 6247] <... futex resumed>) = ? [pid 6246] <... exit_group resumed>) = ? [pid 6248] <... futex resumed>) = ? [pid 6247] +++ exited with 0 +++ [pid 6248] +++ exited with 0 +++ [pid 6246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.117023][ T6247] loop0: detected capacity change from 0 to 256 [ 114.123007][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 114.126724][ T6247] exfat: Deprecated parameter 'utf8' [ 114.144208][ T6247] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./388/binderfs") = 0 umount2("./388/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./388/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6249 attached , child_tidptr=0x555556b3a6d0) = 6249 [pid 6249] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6249] chdir("./389") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6249] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6249] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6250 attached [pid 6250] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... clone resumed>, parent_tid=[6250], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6250 [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6250] <... futex resumed>) = 0 [pid 6250] memfd_create("syzkaller", 0) = 3 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6250] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6250] munmap(0x7f2656609000, 131072) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6250] close(3) = 0 [pid 6250] mkdir("./file2", 0777) = 0 [pid 6250] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6250] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6250] chdir("./file2") = 0 [pid 6250] ioctl(4, LOOP_CLR_FD) = 0 [pid 6250] close(4) = 0 [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = 0 [pid 6249] <... futex resumed>) = 1 [pid 6250] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... openat resumed>) = 4 [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... futex resumed>) = 0 [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] write(4, "\x00\x00", 2 [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... write resumed>) = 2 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... futex resumed>) = 0 [pid 6249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] <... futex resumed>) = 0 [pid 6250] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6249] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6249] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6250] <... mmap resumed>) = 0x20000000 [pid 6249] <... mprotect resumed>) = 0 [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6251 attached [pid 6250] <... futex resumed>) = 0 [pid 6251] set_robust_list(0x7f26566289e0, 24 [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... clone resumed>, parent_tid=[6251], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6251 [pid 6251] <... set_robust_list resumed>) = 0 [pid 6249] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6249] <... futex resumed>) = 0 [pid 6251] openat(AT_FDCWD, "", O_RDONLY [pid 6249] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6251] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6251] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6251] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... futex resumed>) = 0 [pid 6250] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6250] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] exit_group(0 [pid 6251] <... futex resumed>) = ? [pid 6250] <... futex resumed>) = ? [pid 6249] <... exit_group resumed>) = ? [pid 6251] +++ exited with 0 +++ [pid 6250] +++ exited with 0 +++ [pid 6249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 114.250398][ T6250] loop0: detected capacity change from 0 to 256 [ 114.260366][ T6250] exfat: Deprecated parameter 'utf8' [ 114.269790][ T6250] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./389/binderfs") = 0 umount2("./389/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./389/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6252] chdir("./390") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6252] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6253 attached , parent_tid=[6253], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6253 [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] set_robust_list(0x7f265ea299e0, 24 [pid 6252] <... futex resumed>) = 0 [pid 6253] <... set_robust_list resumed>) = 0 [pid 6252] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] memfd_create("syzkaller", 0) = 3 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6253] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6253] munmap(0x7f2656609000, 131072) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6253] close(3) = 0 [pid 6253] mkdir("./file2", 0777) = 0 [pid 6253] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6253] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6253] chdir("./file2") = 0 [pid 6253] ioctl(4, LOOP_CLR_FD) = 0 [pid 6253] close(4) = 0 [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 0 [pid 6253] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 1 [pid 6253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 1 [pid 6253] write(4, "\x00\x00", 2) = 2 [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6253] <... futex resumed>) = 1 [pid 6252] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6253] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6252] <... mprotect resumed>) = 0 [pid 6253] <... mmap resumed>) = 0x20000000 [pid 6252] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6254 attached , parent_tid=[6254], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6254 [pid 6252] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6253] <... futex resumed>) = 0 [pid 6252] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6254] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6254] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6254] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6254] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = 0 [pid 6252] <... futex resumed>) = 1 [pid 6253] getdents64(-1, [pid 6252] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6253] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] exit_group(0 [pid 6254] <... futex resumed>) = ? [pid 6253] <... futex resumed>) = ? [pid 6252] <... exit_group resumed>) = ? [pid 6253] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ [pid 6252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./390/binderfs") = 0 umount2("./390/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./390/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 114.385193][ T6253] loop0: detected capacity change from 0 to 256 [ 114.394125][ T6253] exfat: Deprecated parameter 'utf8' [ 114.403960][ T6253] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./390/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6255 ./strace-static-x86_64: Process 6255 attached [pid 6255] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6255] chdir("./391") = 0 [pid 6255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6255] setpgid(0, 0) = 0 [pid 6255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6255] write(3, "1000", 4) = 4 [pid 6255] close(3) = 0 [pid 6255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6255] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6256], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6256 ./strace-static-x86_64: Process 6256 attached [pid 6256] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6256] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = 0 [pid 6255] <... futex resumed>) = 1 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] memfd_create("syzkaller", 0) = 3 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6256] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6256] munmap(0x7f2656609000, 131072) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6256] close(3) = 0 [pid 6256] mkdir("./file2", 0777) = 0 [pid 6256] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6256] chdir("./file2") = 0 [pid 6256] ioctl(4, LOOP_CLR_FD) = 0 [pid 6256] close(4) = 0 [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6256] <... futex resumed>) = 1 [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... openat resumed>) = 4 [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 1 [pid 6256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 1 [pid 6256] write(4, "\x00\x00", 2) = 2 [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6255] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6257 attached , parent_tid=[6257], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6257 [pid 6255] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 1 [pid 6256] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6257] set_robust_list(0x7f26566289e0, 24 [pid 6256] <... mmap resumed>) = 0x20000000 [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6256] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] <... set_robust_list resumed>) = 0 [pid 6257] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6257] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6257] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 0 [pid 6256] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6256] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] exit_group(0) = ? [pid 6256] <... futex resumed>) = ? [pid 6256] +++ exited with 0 +++ [pid 6257] <... futex resumed>) = ? [pid 6257] +++ exited with 0 +++ [pid 6255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6255, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./391/binderfs") = 0 [ 114.497163][ T6256] loop0: detected capacity change from 0 to 256 [ 114.505785][ T6256] exfat: Deprecated parameter 'utf8' [ 114.516629][ T6256] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./391/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./391/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6258 ./strace-static-x86_64: Process 6258 attached [pid 6258] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6258] chdir("./392") = 0 [pid 6258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6258] setpgid(0, 0) = 0 [pid 6258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6258] write(3, "1000", 4) = 4 [pid 6258] close(3) = 0 [pid 6258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6258] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6258] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6259 attached , parent_tid=[6259], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6259 [pid 6259] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6259] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6259] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6259] memfd_create("syzkaller", 0) = 3 [pid 6259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6259] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6259] munmap(0x7f2656609000, 131072) = 0 [pid 6259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6259] close(3) = 0 [pid 6259] mkdir("./file2", 0777) = 0 [pid 6259] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6259] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6259] chdir("./file2") = 0 [pid 6259] ioctl(4, LOOP_CLR_FD) = 0 [pid 6259] close(4) = 0 [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6259] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6259] write(4, "\x00\x00", 2) = 2 [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6258] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6258] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6260], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6260 [pid 6258] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6259] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6259] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6260 attached [pid 6260] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6260] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6260] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6260] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6258] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 0 [pid 6259] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6259] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] exit_group(0) = ? [pid 6259] <... futex resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6260] <... futex resumed>) = ? [pid 6260] +++ exited with 0 +++ [pid 6258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6258, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./392/binderfs") = 0 umount2("./392/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./392/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6261 ./strace-static-x86_64: Process 6261 attached [pid 6261] set_robust_list(0x555556b3a6e0, 24) = 0 [ 114.617742][ T6259] loop0: detected capacity change from 0 to 256 [ 114.626845][ T6259] exfat: Deprecated parameter 'utf8' [ 114.637816][ T6259] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6261] chdir("./393") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6261] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6261] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6262 attached , parent_tid=[6262], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6262 [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] set_robust_list(0x7f265ea299e0, 24 [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] <... set_robust_list resumed>) = 0 [pid 6262] memfd_create("syzkaller", 0) = 3 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6262] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6262] munmap(0x7f2656609000, 131072) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6262] close(3) = 0 [pid 6262] mkdir("./file2", 0777) = 0 [pid 6262] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6262] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6262] chdir("./file2") = 0 [pid 6262] ioctl(4, LOOP_CLR_FD) = 0 [pid 6262] close(4) = 0 [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6262] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6262] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6261] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... openat resumed>) = 4 [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... openat resumed>) = 5 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6262] write(4, "\x00\x00", 2 [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... write resumed>) = 2 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6262] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... mmap resumed>) = 0x20000000 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6261] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6263], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6263 ./strace-static-x86_64: Process 6263 attached [pid 6261] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6263] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6263] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6263] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6263] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6263] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6262] getdents64(-1, [pid 6261] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6262] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] exit_group(0 [pid 6263] <... futex resumed>) = ? [pid 6262] <... futex resumed>) = ? [pid 6261] <... exit_group resumed>) = ? [pid 6263] +++ exited with 0 +++ [pid 6262] +++ exited with 0 +++ [pid 6261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./393/binderfs") = 0 umount2("./393/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./393/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 [ 114.718930][ T6262] loop0: detected capacity change from 0 to 256 [ 114.729433][ T6262] exfat: Deprecated parameter 'utf8' [ 114.739259][ T6262] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6264 ./strace-static-x86_64: Process 6264 attached [pid 6264] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6264] chdir("./394") = 0 [pid 6264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6264] setpgid(0, 0) = 0 [pid 6264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6264] write(3, "1000", 4) = 4 [pid 6264] close(3) = 0 [pid 6264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6264] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6264] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6265], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6265 [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6265 attached [pid 6265] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6265] memfd_create("syzkaller", 0) = 3 [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6265] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6265] munmap(0x7f2656609000, 131072) = 0 [pid 6265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6265] close(3) = 0 [pid 6265] mkdir("./file2", 0777) = 0 [pid 6265] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6265] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6265] chdir("./file2") = 0 [pid 6265] ioctl(4, LOOP_CLR_FD) = 0 [pid 6265] close(4) = 0 [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... openat resumed>) = 4 [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... openat resumed>) = 5 [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] write(4, "\x00\x00", 2) = 2 [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6264] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6266 attached , parent_tid=[6266], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6266 [pid 6265] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6264] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6266] set_robust_list(0x7f26566289e0, 24 [pid 6265] <... mmap resumed>) = 0x20000000 [pid 6266] <... set_robust_list resumed>) = 0 [pid 6266] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6266] openat(AT_FDCWD, "", O_RDONLY [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6266] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = 0 [pid 6266] <... futex resumed>) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6265] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6264] <... futex resumed>) = 0 [pid 6266] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6265] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6265] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] exit_group(0 [pid 6266] <... futex resumed>) = ? [pid 6264] <... exit_group resumed>) = ? [pid 6265] <... futex resumed>) = ? [pid 6265] +++ exited with 0 +++ [pid 6266] +++ exited with 0 +++ [pid 6264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6264, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 114.839613][ T6265] loop0: detected capacity change from 0 to 256 [ 114.849794][ T6265] exfat: Deprecated parameter 'utf8' [ 114.860928][ T6265] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./394/binderfs") = 0 umount2("./394/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./394/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6267 ./strace-static-x86_64: Process 6267 attached [pid 6267] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6267] chdir("./395") = 0 [pid 6267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6267] setpgid(0, 0) = 0 [pid 6267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6267] write(3, "1000", 4) = 4 [pid 6267] close(3) = 0 [pid 6267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6267] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6267] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6268], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6268 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6268 attached [pid 6268] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6268] memfd_create("syzkaller", 0) = 3 [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6268] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6268] munmap(0x7f2656609000, 131072) = 0 [pid 6268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6268] close(3) = 0 [pid 6268] mkdir("./file2", 0777) = 0 [pid 6268] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6268] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6268] chdir("./file2") = 0 [pid 6268] ioctl(4, LOOP_CLR_FD) = 0 [pid 6268] close(4) = 0 [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] <... futex resumed>) = 1 [pid 6268] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] <... futex resumed>) = 1 [pid 6268] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] <... futex resumed>) = 1 [pid 6268] write(4, "\x00\x00", 2) = 2 [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6268] <... futex resumed>) = 1 [pid 6267] <... mmap resumed>) = 0x7f2656608000 [pid 6267] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6267] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6269], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6269 [pid 6267] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6269 attached [pid 6269] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6269] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6268] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] <... openat resumed>) = 6 [pid 6269] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6267] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6268] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6268] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] exit_group(0 [pid 6269] <... futex resumed>) = ? [pid 6268] <... futex resumed>) = ? [pid 6267] <... exit_group resumed>) = ? [pid 6268] +++ exited with 0 +++ [pid 6269] +++ exited with 0 +++ [pid 6267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6267, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./395/binderfs") = 0 [ 114.965869][ T6268] loop0: detected capacity change from 0 to 256 [ 114.974572][ T6268] exfat: Deprecated parameter 'utf8' [ 114.987335][ T6268] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./395/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./395/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6270 attached , child_tidptr=0x555556b3a6d0) = 6270 [pid 6270] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6270] chdir("./396") = 0 [pid 6270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6270] setpgid(0, 0) = 0 [pid 6270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6270] write(3, "1000", 4) = 4 [pid 6270] close(3) = 0 [pid 6270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6270] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6271], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6271 [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6271 attached [pid 6271] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6271] memfd_create("syzkaller", 0) = 3 [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6271] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6271] munmap(0x7f2656609000, 131072) = 0 [pid 6271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6271] close(3) = 0 [pid 6271] mkdir("./file2", 0777) = 0 [pid 6271] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6271] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6271] chdir("./file2") = 0 [pid 6271] ioctl(4, LOOP_CLR_FD) = 0 [pid 6271] close(4) = 0 [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... openat resumed>) = 4 [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... openat resumed>) = 5 [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] write(4, "\x00\x00", 2) = 2 [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6270] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6272 attached , parent_tid=[6272], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6272 [pid 6270] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] set_robust_list(0x7f26566289e0, 24 [pid 6270] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... set_robust_list resumed>) = 0 [pid 6272] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6271] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... openat resumed>) = 6 [pid 6272] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6272] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... futex resumed>) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6271] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6271] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6270] exit_group(0) = ? [pid 6272] <... futex resumed>) = ? [pid 6272] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ [pid 6270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6270, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./396/binderfs") = 0 [ 115.096684][ T6271] loop0: detected capacity change from 0 to 256 [ 115.104996][ T6271] exfat: Deprecated parameter 'utf8' [ 115.116108][ T6271] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./396/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./396/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6273 ./strace-static-x86_64: Process 6273 attached [pid 6273] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6273] chdir("./397") = 0 [pid 6273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6273] setpgid(0, 0) = 0 [pid 6273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6273] write(3, "1000", 4) = 4 [pid 6273] close(3) = 0 [pid 6273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6273] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6274 attached [pid 6274] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6273] <... clone resumed>, parent_tid=[6274], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6274 [pid 6274] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6274] memfd_create("syzkaller", 0) = 3 [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6274] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6274] munmap(0x7f2656609000, 131072) = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6274] close(3) = 0 [pid 6274] mkdir("./file2", 0777) = 0 [pid 6274] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6274] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6274] chdir("./file2") = 0 [pid 6274] ioctl(4, LOOP_CLR_FD) = 0 [pid 6274] close(4) = 0 [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... openat resumed>) = 4 [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6274] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... openat resumed>) = 5 [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] write(4, "\x00\x00", 2) = 2 [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6274] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6273] <... mmap resumed>) = 0x7f2656608000 [pid 6273] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6275], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6275 [pid 6273] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6275 attached [pid 6274] <... mmap resumed>) = 0x20000000 [pid 6275] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6275] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6275] openat(AT_FDCWD, "", O_RDONLY [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6274] <... futex resumed>) = 0 [pid 6275] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6274] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6275] <... futex resumed>) = 1 [pid 6275] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6274] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6274] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] exit_group(0) = ? [pid 6274] <... futex resumed>) = ? [pid 6275] <... futex resumed>) = ? [pid 6274] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ [pid 6273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6273, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./397/binderfs") = 0 [ 115.217239][ T6274] loop0: detected capacity change from 0 to 256 [ 115.226478][ T6274] exfat: Deprecated parameter 'utf8' [ 115.237775][ T6274] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./397/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./397/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6276 attached [pid 6276] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6276 [pid 6276] <... set_robust_list resumed>) = 0 [pid 6276] chdir("./398") = 0 [pid 6276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6276] setpgid(0, 0) = 0 [pid 6276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6276] write(3, "1000", 4) = 4 [pid 6276] close(3) = 0 [pid 6276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6276] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6277], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6277 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6277 attached [pid 6277] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6277] memfd_create("syzkaller", 0) = 3 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6277] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6277] munmap(0x7f2656609000, 131072) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6277] close(3) = 0 [pid 6277] mkdir("./file2", 0777) = 0 [pid 6277] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6277] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6277] chdir("./file2") = 0 [pid 6277] ioctl(4, LOOP_CLR_FD) = 0 [pid 6277] close(4) = 0 [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... openat resumed>) = 4 [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... openat resumed>) = 5 [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] write(4, "\x00\x00", 2 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... write resumed>) = 2 [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6277] <... mmap resumed>) = 0x20000000 [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] <... mmap resumed>) = 0x7f2656608000 [pid 6277] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6278], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6278 [pid 6276] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6278 attached [pid 6278] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6278] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6278] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6278] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 0 [pid 6277] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6277] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] exit_group(0 [pid 6277] <... futex resumed>) = ? [pid 6276] <... exit_group resumed>) = ? [pid 6277] +++ exited with 0 +++ [pid 6278] <... futex resumed>) = ? [pid 6278] +++ exited with 0 +++ [pid 6276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6276, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./398/binderfs") = 0 umount2("./398/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./398/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 [ 115.340583][ T6277] loop0: detected capacity change from 0 to 256 [ 115.349224][ T6277] exfat: Deprecated parameter 'utf8' [ 115.359284][ T6277] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6279 ./strace-static-x86_64: Process 6279 attached [pid 6279] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6279] chdir("./399") = 0 [pid 6279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6279] setpgid(0, 0) = 0 [pid 6279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6279] write(3, "1000", 4) = 4 [pid 6279] close(3) = 0 [pid 6279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6279] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6280], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6280 ./strace-static-x86_64: Process 6280 attached [pid 6280] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6280] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6280] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6280] memfd_create("syzkaller", 0) = 3 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6280] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6280] munmap(0x7f2656609000, 131072) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6280] close(3) = 0 [pid 6280] mkdir("./file2", 0777) = 0 [pid 6280] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6280] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6280] chdir("./file2") = 0 [pid 6280] ioctl(4, LOOP_CLR_FD) = 0 [pid 6280] close(4) = 0 [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] write(4, "\x00\x00", 2) = 2 [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6279] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6281 attached , parent_tid=[6281], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6281 [pid 6279] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6281] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6280] <... mmap resumed>) = 0x20000000 [pid 6281] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6280] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6281] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6281] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 0 [pid 6280] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6280] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] exit_group(0) = ? [pid 6280] <... futex resumed>) = ? [pid 6280] +++ exited with 0 +++ [pid 6281] <... futex resumed>) = ? [pid 6281] +++ exited with 0 +++ [pid 6279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6279, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./399/binderfs") = 0 umount2("./399/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./399/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6282 ./strace-static-x86_64: Process 6282 attached [ 115.449772][ T6280] loop0: detected capacity change from 0 to 256 [ 115.458944][ T6280] exfat: Deprecated parameter 'utf8' [ 115.470486][ T6280] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6282] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6282] chdir("./400") = 0 [pid 6282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6282] setpgid(0, 0) = 0 [pid 6282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6282] write(3, "1000", 4) = 4 [pid 6282] close(3) = 0 [pid 6282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6282] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6283], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6283 [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6283 attached [pid 6283] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6283] memfd_create("syzkaller", 0) = 3 [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6283] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6283] munmap(0x7f2656609000, 131072) = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6283] close(3) = 0 [pid 6283] mkdir("./file2", 0777) = 0 [pid 6283] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6283] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6283] chdir("./file2") = 0 [pid 6283] ioctl(4, LOOP_CLR_FD) = 0 [pid 6283] close(4) = 0 [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6282] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 1 [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... openat resumed>) = 4 [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6282] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 1 [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] write(4, "\x00\x00", 2) = 2 [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6282] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6284], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6284 [pid 6282] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6284 attached [pid 6284] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6284] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6283] <... mmap resumed>) = 0x20000000 [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] <... openat resumed>) = 6 [pid 6283] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6284] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6283] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6282] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 1 [pid 6282] exit_group(0 [pid 6284] <... futex resumed>) = ? [pid 6282] <... exit_group resumed>) = ? [pid 6284] +++ exited with 0 +++ [pid 6283] +++ exited with 0 +++ [pid 6282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6282, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./400/binderfs") = 0 [ 115.548617][ T6283] loop0: detected capacity change from 0 to 256 [ 115.559015][ T6283] exfat: Deprecated parameter 'utf8' [ 115.570998][ T6283] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./400/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./400/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6285 ./strace-static-x86_64: Process 6285 attached [pid 6285] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6285] chdir("./401") = 0 [pid 6285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6285] setpgid(0, 0) = 0 [pid 6285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6285] write(3, "1000", 4) = 4 [pid 6285] close(3) = 0 [pid 6285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6285] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6285] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6286 attached [pid 6286] set_robust_list(0x7f265ea299e0, 24 [pid 6285] <... clone resumed>, parent_tid=[6286], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6286 [pid 6286] <... set_robust_list resumed>) = 0 [pid 6286] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6286] <... futex resumed>) = 0 [pid 6286] memfd_create("syzkaller", 0) = 3 [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6286] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6286] munmap(0x7f2656609000, 131072) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6286] close(3) = 0 [pid 6286] mkdir("./file2", 0777) = 0 [pid 6286] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6286] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6286] chdir("./file2") = 0 [pid 6286] ioctl(4, LOOP_CLR_FD) = 0 [pid 6286] close(4) = 0 [pid 6286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = 0 [pid 6286] <... futex resumed>) = 1 [pid 6285] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... openat resumed>) = 4 [pid 6286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... futex resumed>) = 1 [pid 6286] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] write(4, "\x00\x00", 2) = 2 [pid 6286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6285] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6287 attached , parent_tid=[6287], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6287 [pid 6285] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] set_robust_list(0x7f26566289e0, 24 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] <... set_robust_list resumed>) = 0 [pid 6287] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6286] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6287] <... openat resumed>) = 6 [pid 6287] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] getdents64(6, [pid 6286] <... mmap resumed>) = 0x20000000 [pid 6287] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6287] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6286] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = 0 [pid 6287] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] <... futex resumed>) = 0 [pid 6285] exit_group(0 [pid 6287] <... futex resumed>) = ? [pid 6285] <... exit_group resumed>) = ? [pid 6287] +++ exited with 0 +++ [pid 6286] +++ exited with 0 +++ [pid 6285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6285, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./401/binderfs") = 0 [ 115.661792][ T6286] loop0: detected capacity change from 0 to 256 [ 115.671814][ T6286] exfat: Deprecated parameter 'utf8' [ 115.682160][ T6286] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./401/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./401/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6288 ./strace-static-x86_64: Process 6288 attached [pid 6288] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6288] chdir("./402") = 0 [pid 6288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6288] setpgid(0, 0) = 0 [pid 6288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6288] write(3, "1000", 4) = 4 [pid 6288] close(3) = 0 [pid 6288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6288] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6288] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6288] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6289 attached , parent_tid=[6289], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6289 [pid 6289] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6289] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] <... futex resumed>) = 0 [pid 6288] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6289] memfd_create("syzkaller", 0) = 3 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6289] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6289] munmap(0x7f2656609000, 131072) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6289] close(3) = 0 [pid 6289] mkdir("./file2", 0777) = 0 [pid 6289] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6289] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6289] chdir("./file2") = 0 [pid 6289] ioctl(4, LOOP_CLR_FD) = 0 [pid 6289] close(4) = 0 [pid 6289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... futex resumed>) = 1 [pid 6289] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... futex resumed>) = 1 [pid 6289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6289] <... futex resumed>) = 1 [pid 6289] write(4, "\x00\x00", 2 [pid 6288] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] <... write resumed>) = 2 [pid 6288] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6289] <... futex resumed>) = 1 [pid 6289] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6288] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6289] <... mmap resumed>) = 0x20000000 [pid 6288] <... mmap resumed>) = 0x7f2656608000 [pid 6288] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6288] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6290 attached [pid 6290] set_robust_list(0x7f26566289e0, 24 [pid 6288] <... clone resumed>, parent_tid=[6290], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6290 [pid 6290] <... set_robust_list resumed>) = 0 [pid 6288] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6288] <... futex resumed>) = 0 [pid 6290] openat(AT_FDCWD, "", O_RDONLY [pid 6288] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6290] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6290] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] <... futex resumed>) = 0 [pid 6290] getdents64(-1, [pid 6288] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6290] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6290] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] exit_group(0 [pid 6290] <... futex resumed>) = ? [pid 6289] <... futex resumed>) = ? [pid 6288] <... exit_group resumed>) = ? [pid 6289] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6288, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 115.779480][ T6289] loop0: detected capacity change from 0 to 256 [ 115.788787][ T6289] exfat: Deprecated parameter 'utf8' [ 115.799408][ T6289] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./402/binderfs") = 0 umount2("./402/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./402/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6291 ./strace-static-x86_64: Process 6291 attached [pid 6291] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6291] chdir("./403") = 0 [pid 6291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6291] setpgid(0, 0) = 0 [pid 6291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6291] write(3, "1000", 4) = 4 [pid 6291] close(3) = 0 [pid 6291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6291] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6292], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6292 ./strace-static-x86_64: Process 6292 attached [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6292] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6292] memfd_create("syzkaller", 0) = 3 [pid 6292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6292] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6292] munmap(0x7f2656609000, 131072) = 0 [pid 6292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6292] close(3) = 0 [pid 6292] mkdir("./file2", 0777) = 0 [pid 6292] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6292] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6292] chdir("./file2") = 0 [pid 6292] ioctl(4, LOOP_CLR_FD) = 0 [pid 6292] close(4) = 0 [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... openat resumed>) = 4 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] write(4, "\x00\x00", 2) = 2 [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6292] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6291] <... futex resumed>) = 0 [pid 6292] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6291] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6291] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6292] <... mmap resumed>) = 0x20000000 [pid 6291] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... clone resumed>, parent_tid=[6293], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6293 ./strace-static-x86_64: Process 6293 attached [pid 6292] <... futex resumed>) = 0 [pid 6291] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] set_robust_list(0x7f26566289e0, 24 [pid 6292] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] <... set_robust_list resumed>) = 0 [pid 6293] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6293] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6293] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = 0 [pid 6292] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6292] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6291] exit_group(0) = ? [pid 6292] <... futex resumed>) = ? [pid 6292] +++ exited with 0 +++ [pid 6293] +++ exited with 0 +++ [pid 6291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6291, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./403/binderfs") = 0 [ 115.904556][ T6292] loop0: detected capacity change from 0 to 256 [ 115.913652][ T6292] exfat: Deprecated parameter 'utf8' [ 115.923609][ T6292] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./403/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./403/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6294 ./strace-static-x86_64: Process 6294 attached [pid 6294] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6294] chdir("./404") = 0 [pid 6294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6294] setpgid(0, 0) = 0 [pid 6294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6294] write(3, "1000", 4) = 4 [pid 6294] close(3) = 0 [pid 6294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6294] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6294] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6294] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6295 attached , parent_tid=[6295], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6295 [pid 6295] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6295] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6295] <... futex resumed>) = 0 [pid 6294] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6295] memfd_create("syzkaller", 0) = 3 [pid 6295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6295] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6295] munmap(0x7f2656609000, 131072) = 0 [pid 6295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6295] close(3) = 0 [pid 6295] mkdir("./file2", 0777) = 0 [pid 6295] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6295] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6295] chdir("./file2") = 0 [pid 6295] ioctl(4, LOOP_CLR_FD) = 0 [pid 6295] close(4) = 0 [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6295] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... openat resumed>) = 4 [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... futex resumed>) = 1 [pid 6295] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... futex resumed>) = 1 [pid 6295] write(4, "\x00\x00", 2) = 2 [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6295] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6294] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6294] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6296], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6296 ./strace-static-x86_64: Process 6296 attached [pid 6294] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6296] set_robust_list(0x7f26566289e0, 24 [pid 6295] <... futex resumed>) = 0 [pid 6295] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6296] <... set_robust_list resumed>) = 0 [pid 6295] <... mmap resumed>) = 0x20000000 [pid 6296] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6296] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6296] <... futex resumed>) = 1 [pid 6294] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] <... futex resumed>) = 0 [pid 6294] <... futex resumed>) = 1 [pid 6295] getdents64(-1, [pid 6294] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6295] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6296] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6295] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] exit_group(0) = ? [pid 6295] <... futex resumed>) = ? [pid 6295] +++ exited with 0 +++ [pid 6296] <... futex resumed>) = ? [pid 6296] +++ exited with 0 +++ [pid 6294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6294, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./404/binderfs") = 0 umount2("./404/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 116.021590][ T6295] loop0: detected capacity change from 0 to 256 [ 116.031748][ T6295] exfat: Deprecated parameter 'utf8' [ 116.041672][ T6295] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./404/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6297 ./strace-static-x86_64: Process 6297 attached [pid 6297] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6297] chdir("./405") = 0 [pid 6297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6297] setpgid(0, 0) = 0 [pid 6297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6297] write(3, "1000", 4) = 4 [pid 6297] close(3) = 0 [pid 6297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6297] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6298 attached [pid 6298] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6298] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] <... clone resumed>, parent_tid=[6298], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6298 [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6298] memfd_create("syzkaller", 0) = 3 [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6298] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6298] munmap(0x7f2656609000, 131072) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6298] close(3) = 0 [pid 6298] mkdir("./file2", 0777) = 0 [pid 6298] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6298] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6298] chdir("./file2") = 0 [pid 6298] ioctl(4, LOOP_CLR_FD) = 0 [pid 6298] close(4) = 0 [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... futex resumed>) = 1 [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... openat resumed>) = 5 [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6297] <... futex resumed>) = 0 [pid 6298] write(4, "\x00\x00", 2 [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... write resumed>) = 2 [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... futex resumed>) = 1 [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6297] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6299 attached [pid 6299] set_robust_list(0x7f26566289e0, 24 [pid 6297] <... clone resumed>, parent_tid=[6299], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6299 [pid 6299] <... set_robust_list resumed>) = 0 [pid 6297] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... openat resumed>) = 6 [pid 6298] <... futex resumed>) = 0 [pid 6299] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6297] <... futex resumed>) = 0 [pid 6299] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6298] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6297] <... futex resumed>) = 0 [pid 6297] exit_group(0 [pid 6299] <... futex resumed>) = ? [pid 6297] <... exit_group resumed>) = ? [pid 6299] +++ exited with 0 +++ [pid 6298] +++ exited with 0 +++ [pid 6297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6297, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.137417][ T6298] loop0: detected capacity change from 0 to 256 [ 116.146890][ T6298] exfat: Deprecated parameter 'utf8' [ 116.157800][ T6298] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./405/binderfs") = 0 umount2("./405/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./405/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6300 ./strace-static-x86_64: Process 6300 attached [pid 6300] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6300] chdir("./406") = 0 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6300] write(3, "1000", 4) = 4 [pid 6300] close(3) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6300] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6300] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6301 attached , parent_tid=[6301], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6301 [pid 6301] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6301] memfd_create("syzkaller", 0) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6301] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6301] munmap(0x7f2656609000, 131072) = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6301] close(3) = 0 [pid 6301] mkdir("./file2", 0777) = 0 [pid 6301] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6301] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6301] chdir("./file2") = 0 [pid 6301] ioctl(4, LOOP_CLR_FD) = 0 [pid 6301] close(4) = 0 [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = 0 [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6300] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... openat resumed>) = 4 [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6300] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... openat resumed>) = 5 [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] write(4, "\x00\x00", 2 [pid 6300] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... write resumed>) = 2 [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6300] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... mmap resumed>) = 0x20000000 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6301] <... futex resumed>) = 0 [pid 6300] <... mmap resumed>) = 0x7f2656608000 [pid 6301] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6302 attached , parent_tid=[6302], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6302 [pid 6300] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6302] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6302] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6302] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6302] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6302] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = 1 [pid 6301] getdents64(-1, [pid 6300] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6301] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] exit_group(0 [pid 6302] <... futex resumed>) = ? [pid 6301] <... futex resumed>) = ? [pid 6300] <... exit_group resumed>) = ? [pid 6302] +++ exited with 0 +++ [pid 6301] +++ exited with 0 +++ [pid 6300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./406/binderfs") = 0 umount2("./406/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 116.270892][ T6301] loop0: detected capacity change from 0 to 256 [ 116.279652][ T6301] exfat: Deprecated parameter 'utf8' [ 116.290844][ T6301] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./406/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6303 ./strace-static-x86_64: Process 6303 attached [pid 6303] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6303] chdir("./407") = 0 [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6303] setpgid(0, 0) = 0 [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6303] write(3, "1000", 4) = 4 [pid 6303] close(3) = 0 [pid 6303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6303] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6303] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6304 attached , parent_tid=[6304], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6304 [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] set_robust_list(0x7f265ea299e0, 24 [pid 6303] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6304] <... set_robust_list resumed>) = 0 [pid 6304] memfd_create("syzkaller", 0) = 3 [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6304] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6304] munmap(0x7f2656609000, 131072) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6304] close(3) = 0 [pid 6304] mkdir("./file2", 0777) = 0 [pid 6304] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6304] chdir("./file2") = 0 [pid 6304] ioctl(4, LOOP_CLR_FD) = 0 [pid 6304] close(4) = 0 [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6303] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... openat resumed>) = 4 [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6304] <... futex resumed>) = 1 [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... openat resumed>) = 5 [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6304] <... futex resumed>) = 1 [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] write(4, "\x00\x00", 2 [pid 6303] <... futex resumed>) = 0 [pid 6304] <... write resumed>) = 2 [pid 6303] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6304] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... mmap resumed>) = 0x20000000 [pid 6303] <... futex resumed>) = 0 [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6303] <... futex resumed>) = 0 [pid 6304] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6303] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6305 attached , parent_tid=[6305], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6305 [pid 6303] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6305] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6305] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6305] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6305] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6303] <... futex resumed>) = 1 [pid 6304] getdents64(-1, [pid 6303] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6304] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6304] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] exit_group(0 [pid 6305] <... futex resumed>) = ? [pid 6304] <... futex resumed>) = ? [pid 6303] <... exit_group resumed>) = ? [pid 6305] +++ exited with 0 +++ [pid 6304] +++ exited with 0 +++ [pid 6303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./407/binderfs") = 0 [ 116.389330][ T6304] loop0: detected capacity change from 0 to 256 [ 116.399456][ T6304] exfat: Deprecated parameter 'utf8' [ 116.410128][ T6304] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./407/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./407/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./407/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6306 ./strace-static-x86_64: Process 6306 attached [pid 6306] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6306] chdir("./408") = 0 [pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] setpgid(0, 0) = 0 [pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6306] write(3, "1000", 4) = 4 [pid 6306] close(3) = 0 [pid 6306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6306] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6306] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6307 attached [pid 6307] set_robust_list(0x7f265ea299e0, 24 [pid 6306] <... clone resumed>, parent_tid=[6307], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6307 [pid 6307] <... set_robust_list resumed>) = 0 [pid 6307] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6307] <... futex resumed>) = 0 [pid 6307] memfd_create("syzkaller", 0) = 3 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6307] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6307] munmap(0x7f2656609000, 131072) = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6307] close(3) = 0 [pid 6307] mkdir("./file2", 0777) = 0 [pid 6307] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6307] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6307] chdir("./file2") = 0 [pid 6307] ioctl(4, LOOP_CLR_FD) = 0 [pid 6307] close(4) = 0 [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 1 [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6307] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6306] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... openat resumed>) = 4 [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... openat resumed>) = 5 [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] write(4, "\x00\x00", 2 [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... write resumed>) = 2 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... mmap resumed>) = 0x20000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6307] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] <... mmap resumed>) = 0x7f2656608000 [pid 6306] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6308 attached , parent_tid=[6308], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6308 [pid 6308] set_robust_list(0x7f26566289e0, 24 [pid 6306] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... set_robust_list resumed>) = 0 [pid 6306] <... futex resumed>) = 0 [pid 6308] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6306] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6308] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6308] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6308] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = 0 [pid 6306] <... futex resumed>) = 1 [pid 6307] getdents64(-1, [pid 6306] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6307] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] exit_group(0 [pid 6307] <... futex resumed>) = ? [pid 6306] <... exit_group resumed>) = ? [pid 6307] +++ exited with 0 +++ [pid 6308] <... futex resumed>) = ? [pid 6308] +++ exited with 0 +++ [pid 6306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./408/binderfs") = 0 umount2("./408/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./408/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./408/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 116.504490][ T6307] loop0: detected capacity change from 0 to 256 [ 116.515022][ T6307] exfat: Deprecated parameter 'utf8' [ 116.526531][ T6307] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./408/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6309 ./strace-static-x86_64: Process 6309 attached [pid 6309] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6309] chdir("./409") = 0 [pid 6309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6309] setpgid(0, 0) = 0 [pid 6309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6309] write(3, "1000", 4) = 4 [pid 6309] close(3) = 0 [pid 6309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6309] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6309] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6309] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6310], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6310 [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6310 attached [pid 6310] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6310] memfd_create("syzkaller", 0) = 3 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6310] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6310] munmap(0x7f2656609000, 131072) = 0 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6310] close(3) = 0 [pid 6310] mkdir("./file2", 0777) = 0 [pid 6310] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6310] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6310] chdir("./file2") = 0 [pid 6310] ioctl(4, LOOP_CLR_FD) = 0 [pid 6310] close(4) = 0 [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6310] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... futex resumed>) = 0 [pid 6310] write(4, "\x00\x00", 2) = 2 [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6310] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] <... futex resumed>) = 0 [pid 6310] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6309] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... mmap resumed>) = 0x20000000 [pid 6309] <... futex resumed>) = 0 [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6310] <... futex resumed>) = 0 [pid 6310] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... mmap resumed>) = 0x7f2656608000 [pid 6309] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6309] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6311], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6311 [pid 6309] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6311 attached [pid 6311] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6311] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6311] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6311] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6310] getdents64(-1, [pid 6309] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6310] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6310] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] exit_group(0 [pid 6310] <... futex resumed>) = ? [pid 6309] <... exit_group resumed>) = ? [pid 6310] +++ exited with 0 +++ [pid 6311] <... futex resumed>) = ? [pid 6311] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6309, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./409/binderfs") = 0 [ 116.617794][ T6310] loop0: detected capacity change from 0 to 256 [ 116.626914][ T6310] exfat: Deprecated parameter 'utf8' [ 116.638329][ T6310] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./409/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./409/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6312 attached , child_tidptr=0x555556b3a6d0) = 6312 [pid 6312] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6312] chdir("./410") = 0 [pid 6312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6312] setpgid(0, 0) = 0 [pid 6312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6312] write(3, "1000", 4) = 4 [pid 6312] close(3) = 0 [pid 6312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6312] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6312] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6313 attached , parent_tid=[6313], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6313 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6313] memfd_create("syzkaller", 0) = 3 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6313] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6313] munmap(0x7f2656609000, 131072) = 0 [pid 6313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6313] close(3) = 0 [pid 6313] mkdir("./file2", 0777) = 0 [pid 6313] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6313] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6313] chdir("./file2") = 0 [pid 6313] ioctl(4, LOOP_CLR_FD) = 0 [pid 6313] close(4) = 0 [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6313] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... openat resumed>) = 4 [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6313] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... openat resumed>) = 5 [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6313] write(4, "\x00\x00", 2 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... write resumed>) = 2 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6313] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... mmap resumed>) = 0x20000000 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6312] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6314], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6314 [pid 6312] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6314 attached [pid 6314] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6314] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6314] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6314] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6313] getdents64(-1, [pid 6312] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6313] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] exit_group(0 [pid 6313] <... futex resumed>) = ? [pid 6312] <... exit_group resumed>) = ? [pid 6313] +++ exited with 0 +++ [pid 6314] +++ exited with 0 +++ [pid 6312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6312, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./410/binderfs") = 0 [ 116.752591][ T6313] loop0: detected capacity change from 0 to 256 [ 116.764521][ T6313] exfat: Deprecated parameter 'utf8' [ 116.775219][ T6313] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./410/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./410/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6315 ./strace-static-x86_64: Process 6315 attached [pid 6315] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6315] chdir("./411") = 0 [pid 6315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6315] setpgid(0, 0) = 0 [pid 6315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6315] write(3, "1000", 4) = 4 [pid 6315] close(3) = 0 [pid 6315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6315] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6315] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6315] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6316 attached , parent_tid=[6316], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6316 [pid 6316] set_robust_list(0x7f265ea299e0, 24 [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... set_robust_list resumed>) = 0 [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] memfd_create("syzkaller", 0) = 3 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6316] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6316] munmap(0x7f2656609000, 131072) = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6316] close(3) = 0 [pid 6316] mkdir("./file2", 0777) = 0 [pid 6316] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6316] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6316] chdir("./file2") = 0 [pid 6316] ioctl(4, LOOP_CLR_FD) = 0 [pid 6316] close(4) = 0 [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6316] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... futex resumed>) = 0 [pid 6316] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... futex resumed>) = 1 [pid 6316] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... futex resumed>) = 1 [pid 6316] write(4, "\x00\x00", 2) = 2 [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6315] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6316] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6315] <... mprotect resumed>) = 0 [pid 6316] <... mmap resumed>) = 0x20000000 [pid 6315] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6316] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... clone resumed>, parent_tid=[6317], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6317 ./strace-static-x86_64: Process 6317 attached [pid 6315] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6317] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6317] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6317] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6317] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6317] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6316] getdents64(-1, [pid 6315] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6316] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] exit_group(0 [pid 6317] <... futex resumed>) = ? [pid 6316] <... futex resumed>) = ? [pid 6315] <... exit_group resumed>) = ? [pid 6317] +++ exited with 0 +++ [pid 6316] +++ exited with 0 +++ [pid 6315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6315, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./411/binderfs") = 0 umount2("./411/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 116.862370][ T6316] loop0: detected capacity change from 0 to 256 [ 116.871754][ T6316] exfat: Deprecated parameter 'utf8' [ 116.881345][ T6316] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./411/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./411/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6318 ./strace-static-x86_64: Process 6318 attached [pid 6318] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6318] chdir("./412") = 0 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6318] setpgid(0, 0) = 0 [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6318] write(3, "1000", 4) = 4 [pid 6318] close(3) = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6318] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6318] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6319], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6319 ./strace-static-x86_64: Process 6319 attached [pid 6318] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6319] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6319] memfd_create("syzkaller", 0) = 3 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6319] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6319] munmap(0x7f2656609000, 131072) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6319] close(3) = 0 [pid 6319] mkdir("./file2", 0777) = 0 [pid 6319] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6319] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6319] chdir("./file2") = 0 [pid 6319] ioctl(4, LOOP_CLR_FD) = 0 [pid 6319] close(4) = 0 [pid 6319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6319] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] <... futex resumed>) = 0 [pid 6319] write(4, "\x00\x00", 2) = 2 [pid 6319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6318] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6320], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6320 [pid 6318] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] <... futex resumed>) = 1 [pid 6319] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6320 attached ) = 0x20000000 [pid 6320] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6320] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6320] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6320] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6320] getdents64(-1, [pid 6318] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6320] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6320] <... futex resumed>) = 1 [pid 6320] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] <... futex resumed>) = 0 [pid 6318] exit_group(0) = ? [pid 6319] +++ exited with 0 +++ [pid 6320] <... futex resumed>) = ? [pid 6320] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./412/binderfs") = 0 umount2("./412/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./412/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 116.979500][ T6319] loop0: detected capacity change from 0 to 256 [ 116.988044][ T6319] exfat: Deprecated parameter 'utf8' [ 116.998366][ T6319] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6321 ./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6321] chdir("./413") = 0 [pid 6321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6321] setpgid(0, 0) = 0 [pid 6321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6321] write(3, "1000", 4) = 4 [pid 6321] close(3) = 0 [pid 6321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6321] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6321] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6322 attached , parent_tid=[6322], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6322 [pid 6322] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6322] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6322] memfd_create("syzkaller", 0) = 3 [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6322] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6322] munmap(0x7f2656609000, 131072) = 0 [pid 6322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6322] close(3) = 0 [pid 6322] mkdir("./file2", 0777) = 0 [pid 6322] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6322] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6322] chdir("./file2") = 0 [pid 6322] ioctl(4, LOOP_CLR_FD) = 0 [pid 6322] close(4) = 0 [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... openat resumed>) = 5 [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6322] write(4, "\x00\x00", 2 [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... write resumed>) = 2 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6322] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6322] <... mmap resumed>) = 0x20000000 [pid 6321] <... mmap resumed>) = 0x7f2656608000 [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6322] <... futex resumed>) = 0 [pid 6321] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6322] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6323 attached [pid 6321] <... clone resumed>, parent_tid=[6323], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6323 [pid 6323] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6321] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6323] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6323] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... futex resumed>) = 1 [pid 6323] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] <... futex resumed>) = 0 [pid 6322] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6322] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6321] exit_group(0) = ? [pid 6323] <... futex resumed>) = ? [pid 6323] +++ exited with 0 +++ [pid 6322] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6321, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./413/binderfs") = 0 [ 117.089379][ T6322] loop0: detected capacity change from 0 to 256 [ 117.098376][ T6322] exfat: Deprecated parameter 'utf8' [ 117.109513][ T6322] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./413/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./413/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6324 attached , child_tidptr=0x555556b3a6d0) = 6324 [pid 6324] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6324] chdir("./414") = 0 [pid 6324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6324] setpgid(0, 0) = 0 [pid 6324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6324] write(3, "1000", 4) = 4 [pid 6324] close(3) = 0 [pid 6324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6324] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6324] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6324] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6325], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6325 [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6325 attached [pid 6325] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6325] memfd_create("syzkaller", 0) = 3 [pid 6325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6325] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6325] munmap(0x7f2656609000, 131072) = 0 [pid 6325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6325] close(3) = 0 [pid 6325] mkdir("./file2", 0777) = 0 [pid 6325] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6325] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6325] chdir("./file2") = 0 [pid 6325] ioctl(4, LOOP_CLR_FD) = 0 [pid 6325] close(4) = 0 [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] <... futex resumed>) = 1 [pid 6325] write(4, "\x00\x00", 2) = 2 [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6324] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... mmap resumed>) = 0x20000000 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] <... mmap resumed>) = 0x7f2656608000 [pid 6324] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6324] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6326 attached , parent_tid=[6326], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6326 [pid 6324] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6326] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6326] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6326] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = 0 [pid 6324] <... futex resumed>) = 1 [pid 6325] getdents64(-1, [pid 6324] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6325] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] exit_group(0 [pid 6325] <... futex resumed>) = ? [pid 6324] <... exit_group resumed>) = ? [pid 6325] +++ exited with 0 +++ [pid 6326] +++ exited with 0 +++ [pid 6324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6324, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./414/binderfs") = 0 [ 117.209373][ T6325] loop0: detected capacity change from 0 to 256 [ 117.220364][ T6325] exfat: Deprecated parameter 'utf8' [ 117.231791][ T6325] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./414/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./414/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6327 ./strace-static-x86_64: Process 6327 attached [pid 6327] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6327] chdir("./415") = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6327] setpgid(0, 0) = 0 [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6327] write(3, "1000", 4) = 4 [pid 6327] close(3) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6327] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6327] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6328], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6328 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6328 attached [pid 6328] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6328] memfd_create("syzkaller", 0) = 3 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6328] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6328] munmap(0x7f2656609000, 131072) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6328] close(3) = 0 [pid 6328] mkdir("./file2", 0777) = 0 [ 117.321557][ T6328] loop0: detected capacity change from 0 to 256 [ 117.328004][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 117.328110][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 117.341299][ T6328] exfat: Deprecated parameter 'utf8' [ 117.348101][ T5080] Buffer I/O error on dev loop0, logical block 0, async page read [pid 6328] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6328] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6328] chdir("./file2") = 0 [pid 6328] ioctl(4, LOOP_CLR_FD) = 0 [pid 6328] close(4) = 0 [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] write(4, "\x00\x00", 2) = 2 [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6327] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6328] <... mmap resumed>) = 0x20000000 [pid 6327] <... mprotect resumed>) = 0 [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... clone resumed>, parent_tid=[6329], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6329 [pid 6327] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6329 attached [pid 6329] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6329] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6329] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6329] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] getdents64(-1, [pid 6327] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6328] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] exit_group(0 [pid 6328] <... futex resumed>) = ? [pid 6327] <... exit_group resumed>) = ? [pid 6328] +++ exited with 0 +++ [pid 6329] +++ exited with 0 +++ [pid 6327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./415/binderfs") = 0 umount2("./415/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 117.367043][ T6328] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./415/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./415/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6330 ./strace-static-x86_64: Process 6330 attached [pid 6330] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6330] chdir("./416") = 0 [pid 6330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6330] setpgid(0, 0) = 0 [pid 6330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6330] write(3, "1000", 4) = 4 [pid 6330] close(3) = 0 [pid 6330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6330] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6330] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6331 attached [pid 6331] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6331] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] <... clone resumed>, parent_tid=[6331], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6331 [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6330] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6331] memfd_create("syzkaller", 0) = 3 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6331] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6331] munmap(0x7f2656609000, 131072) = 0 [pid 6331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6331] close(3) = 0 [pid 6331] mkdir("./file2", 0777) = 0 [pid 6331] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6331] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6331] chdir("./file2") = 0 [pid 6331] ioctl(4, LOOP_CLR_FD) = 0 [pid 6331] close(4) = 0 [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6330] <... futex resumed>) = 0 [pid 6331] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6330] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... openat resumed>) = 4 [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] <... openat resumed>) = 5 [pid 6330] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] write(4, "\x00\x00", 2 [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... write resumed>) = 2 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6331] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... mmap resumed>) = 0x20000000 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6330] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6332], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6332 ./strace-static-x86_64: Process 6332 attached [pid 6330] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6332] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6332] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6332] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6332] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6331] getdents64(-1, [pid 6330] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6331] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] exit_group(0 [pid 6332] <... futex resumed>) = ? [pid 6331] <... futex resumed>) = ? [pid 6330] <... exit_group resumed>) = ? [pid 6332] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 6330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6330, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./416/binderfs") = 0 [ 117.482353][ T6331] loop0: detected capacity change from 0 to 256 [ 117.492516][ T6331] exfat: Deprecated parameter 'utf8' [ 117.503401][ T6331] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./416/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./416/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6333 ./strace-static-x86_64: Process 6333 attached [pid 6333] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6333] chdir("./417") = 0 [pid 6333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6333] setpgid(0, 0) = 0 [pid 6333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6333] write(3, "1000", 4) = 4 [pid 6333] close(3) = 0 [pid 6333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6333] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6333] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6334 attached , parent_tid=[6334], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6334 [pid 6334] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6334] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6333] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6334] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6334] munmap(0x7f2656609000, 131072) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6334] close(3) = 0 [pid 6334] mkdir("./file2", 0777) = 0 [pid 6334] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6334] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./file2") = 0 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... openat resumed>) = 4 [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... futex resumed>) = 1 [pid 6334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... futex resumed>) = 0 [pid 6334] write(4, "\x00\x00", 2) = 2 [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 6334] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6333] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... mmap resumed>) = 0x20000000 [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] <... futex resumed>) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6333] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6335 attached , parent_tid=[6335], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6335 [pid 6333] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6335] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6335] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6335] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 6334] getdents64(-1, [pid 6333] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6334] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] exit_group(0 [pid 6334] <... futex resumed>) = ? [pid 6333] <... exit_group resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6335] <... futex resumed>) = ? [pid 6335] +++ exited with 0 +++ [pid 6333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6333, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./417/binderfs") = 0 [ 117.609141][ T6334] loop0: detected capacity change from 0 to 256 [ 117.618067][ T6334] exfat: Deprecated parameter 'utf8' [ 117.629477][ T6334] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./417/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./417/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6336 ./strace-static-x86_64: Process 6336 attached [pid 6336] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6336] chdir("./418") = 0 [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6336] write(3, "1000", 4) = 4 [pid 6336] close(3) = 0 [pid 6336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6336] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6336] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6337 attached , parent_tid=[6337], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6337 [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6337] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6337] memfd_create("syzkaller", 0) = 3 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6337] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6337] munmap(0x7f2656609000, 131072) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6337] close(3) = 0 [pid 6337] mkdir("./file2", 0777) = 0 [pid 6337] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6337] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6337] chdir("./file2") = 0 [pid 6337] ioctl(4, LOOP_CLR_FD) = 0 [pid 6337] close(4) = 0 [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] <... openat resumed>) = 5 [pid 6336] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] write(4, "\x00\x00", 2 [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... write resumed>) = 2 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... mmap resumed>) = 0x20000000 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6336] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6338 attached , parent_tid=[6338], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6338 [pid 6338] set_robust_list(0x7f26566289e0, 24 [pid 6336] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... set_robust_list resumed>) = 0 [pid 6338] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6338] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6338] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6338] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = 1 [pid 6337] getdents64(-1, [pid 6336] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6337] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] exit_group(0 [pid 6338] <... futex resumed>) = ? [pid 6337] <... futex resumed>) = ? [pid 6336] <... exit_group resumed>) = ? [pid 6338] +++ exited with 0 +++ [pid 6337] +++ exited with 0 +++ [pid 6336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6336, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./418/binderfs") = 0 [ 117.738981][ T6337] loop0: detected capacity change from 0 to 256 [ 117.748966][ T6337] exfat: Deprecated parameter 'utf8' [ 117.760649][ T6337] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./418/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./418/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6339 ./strace-static-x86_64: Process 6339 attached [pid 6339] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6339] chdir("./419") = 0 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6339] write(3, "1000", 4) = 4 [pid 6339] close(3) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6339] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6339] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6340 attached , parent_tid=[6340], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6340 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6340] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6340] memfd_create("syzkaller", 0) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6340] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6340] munmap(0x7f2656609000, 131072) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6340] close(3) = 0 [pid 6340] mkdir("./file2", 0777) = 0 [pid 6340] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6340] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] chdir("./file2") = 0 [pid 6340] ioctl(4, LOOP_CLR_FD) = 0 [pid 6340] close(4) = 0 [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6340] <... futex resumed>) = 1 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... openat resumed>) = 4 [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6340] <... futex resumed>) = 1 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] write(4, "\x00\x00", 2) = 2 [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6339] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6341], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6341 ./strace-static-x86_64: Process 6341 attached [pid 6339] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] set_robust_list(0x7f26566289e0, 24 [pid 6339] <... futex resumed>) = 0 [pid 6341] <... set_robust_list resumed>) = 0 [pid 6339] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6341] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6340] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6341] <... openat resumed>) = 6 [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] getdents64(6, [pid 6339] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6340] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6340] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6339] exit_group(0) = ? [pid 6341] <... futex resumed>) = ? [pid 6340] +++ exited with 0 +++ [pid 6341] +++ exited with 0 +++ [pid 6339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./419/binderfs") = 0 [ 117.871053][ T6340] loop0: detected capacity change from 0 to 256 [ 117.881757][ T6340] exfat: Deprecated parameter 'utf8' [ 117.892785][ T6340] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./419/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./419/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6342 ./strace-static-x86_64: Process 6342 attached [pid 6342] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6342] chdir("./420") = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6342] setpgid(0, 0) = 0 [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6342] write(3, "1000", 4) = 4 [pid 6342] close(3) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6342] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6343], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6343 [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6343 attached [pid 6343] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6343] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6343] munmap(0x7f2656609000, 131072) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6343] close(3) = 0 [pid 6343] mkdir("./file2", 0777) = 0 [pid 6343] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6343] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6343] chdir("./file2") = 0 [pid 6343] ioctl(4, LOOP_CLR_FD) = 0 [pid 6343] close(4) = 0 [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... futex resumed>) = 1 [pid 6343] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... futex resumed>) = 1 [pid 6343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... futex resumed>) = 1 [pid 6343] write(4, "\x00\x00", 2) = 2 [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6343] <... mmap resumed>) = 0x20000000 [pid 6342] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... mprotect resumed>) = 0 [pid 6343] <... futex resumed>) = 0 [pid 6342] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6344 attached [pid 6343] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] set_robust_list(0x7f26566289e0, 24 [pid 6342] <... clone resumed>, parent_tid=[6344], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6344 [pid 6342] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... set_robust_list resumed>) = 0 [pid 6344] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6344] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6344] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6344] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... futex resumed>) = 0 [pid 6343] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6343] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] exit_group(0 [pid 6344] <... futex resumed>) = ? [pid 6343] <... futex resumed>) = ? [pid 6342] <... exit_group resumed>) = ? [pid 6344] +++ exited with 0 +++ [pid 6343] +++ exited with 0 +++ [pid 6342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 117.975531][ T6343] loop0: detected capacity change from 0 to 256 [ 117.982448][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 117.985434][ T6343] exfat: Deprecated parameter 'utf8' [ 118.002281][ T6343] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./420/binderfs") = 0 umount2("./420/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./420/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6345 ./strace-static-x86_64: Process 6345 attached [pid 6345] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6345] chdir("./421") = 0 [pid 6345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6345] setpgid(0, 0) = 0 [pid 6345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6345] write(3, "1000", 4) = 4 [pid 6345] close(3) = 0 [pid 6345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6345] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6346 attached [pid 6346] set_robust_list(0x7f265ea299e0, 24 [pid 6345] <... clone resumed>, parent_tid=[6346], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6346 [pid 6346] <... set_robust_list resumed>) = 0 [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6346] memfd_create("syzkaller", 0) = 3 [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6346] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6346] munmap(0x7f2656609000, 131072) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6346] close(3) = 0 [pid 6346] mkdir("./file2", 0777) = 0 [pid 6346] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6346] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6346] chdir("./file2") = 0 [pid 6346] ioctl(4, LOOP_CLR_FD) = 0 [pid 6346] close(4) = 0 [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... openat resumed>) = 4 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 0 [pid 6345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... openat resumed>) = 5 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 0 [pid 6345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] write(4, "\x00\x00", 2 [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... write resumed>) = 2 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 0 [pid 6345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6345] <... futex resumed>) = 0 [pid 6346] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6345] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... mmap resumed>) = 0x20000000 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6346] <... futex resumed>) = 0 [pid 6345] <... mmap resumed>) = 0x7f2656608000 [pid 6346] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6347 attached , parent_tid=[6347], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6347 [pid 6345] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6347] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6347] openat(AT_FDCWD, "", O_RDONLY [pid 6345] <... futex resumed>) = 0 [pid 6347] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6345] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6345] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] <... futex resumed>) = 0 [pid 6346] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6346] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] exit_group(0 [pid 6346] <... futex resumed>) = ? [pid 6345] <... exit_group resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6347] <... futex resumed>) = ? [pid 6347] +++ exited with 0 +++ [pid 6345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6345, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./421/binderfs") = 0 umount2("./421/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./421/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 118.108857][ T6346] loop0: detected capacity change from 0 to 256 [ 118.118195][ T6346] exfat: Deprecated parameter 'utf8' [ 118.127794][ T6346] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6348 ./strace-static-x86_64: Process 6348 attached [pid 6348] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6348] chdir("./422") = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6348] write(3, "1000", 4) = 4 [pid 6348] close(3) = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6348] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6349 attached , parent_tid=[6349], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6349 [pid 6349] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6349] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] memfd_create("syzkaller", 0) = 3 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6349] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6349] munmap(0x7f2656609000, 131072) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6349] close(3) = 0 [pid 6349] mkdir("./file2", 0777) = 0 [pid 6349] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6349] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./file2") = 0 [pid 6349] ioctl(4, LOOP_CLR_FD) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 1 [pid 6349] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 1 [pid 6349] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 1 [pid 6349] write(4, "\x00\x00", 2) = 2 [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6348] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6350], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6350 [pid 6348] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 1 [pid 6349] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6350 attached [pid 6350] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6350] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6350] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6350] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6350] <... futex resumed>) = 1 [pid 6350] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] <... futex resumed>) = 0 [pid 6349] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6349] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6348] exit_group(0) = ? [pid 6350] <... futex resumed>) = ? [pid 6350] +++ exited with 0 +++ [pid 6349] <... futex resumed>) = ? [pid 6349] +++ exited with 0 +++ [pid 6348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./422/binderfs") = 0 umount2("./422/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./422/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/file2") = 0 [ 118.229353][ T6349] loop0: detected capacity change from 0 to 256 [ 118.238388][ T6349] exfat: Deprecated parameter 'utf8' [ 118.248764][ T6349] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6351 ./strace-static-x86_64: Process 6351 attached [pid 6351] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6351] chdir("./423") = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6351] setpgid(0, 0) = 0 [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6351] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6351] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6352], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6352 [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6352 attached [pid 6352] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6352] memfd_create("syzkaller", 0) = 3 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6352] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6352] munmap(0x7f2656609000, 131072) = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6352] close(3) = 0 [pid 6352] mkdir("./file2", 0777) = 0 [pid 6352] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6352] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6352] chdir("./file2") = 0 [pid 6352] ioctl(4, LOOP_CLR_FD) = 0 [pid 6352] close(4) = 0 [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6352] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6351] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... openat resumed>) = 4 [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... openat resumed>) = 5 [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] write(4, "\x00\x00", 2 [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... write resumed>) = 2 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... futex resumed>) = 0 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6352] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6352] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6351] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... mmap resumed>) = 0x20000000 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6352] <... futex resumed>) = 0 [pid 6351] <... mmap resumed>) = 0x7f2656608000 [pid 6352] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6353 attached , parent_tid=[6353], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6353 [pid 6351] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6353] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6353] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6353] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6353] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 0 [pid 6351] <... futex resumed>) = 1 [pid 6352] getdents64(-1, [pid 6351] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6352] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] exit_group(0 [pid 6353] <... futex resumed>) = ? [pid 6352] <... futex resumed>) = ? [pid 6351] <... exit_group resumed>) = ? [pid 6353] +++ exited with 0 +++ [pid 6352] +++ exited with 0 +++ [pid 6351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./423/binderfs") = 0 umount2("./423/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 118.340226][ T6352] loop0: detected capacity change from 0 to 256 [ 118.349373][ T6352] exfat: Deprecated parameter 'utf8' [ 118.360902][ T6352] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./423/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./423/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6354 ./strace-static-x86_64: Process 6354 attached [pid 6354] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6354] chdir("./424") = 0 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6354] setpgid(0, 0) = 0 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6354] write(3, "1000", 4) = 4 [pid 6354] close(3) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6354] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6354] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6355 attached , parent_tid=[6355], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6355 [pid 6354] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6355] memfd_create("syzkaller", 0) = 3 [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6355] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6355] munmap(0x7f2656609000, 131072) = 0 [pid 6355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6355] close(3) = 0 [pid 6355] mkdir("./file2", 0777) = 0 [pid 6355] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6355] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6355] chdir("./file2") = 0 [pid 6355] ioctl(4, LOOP_CLR_FD) = 0 [pid 6355] close(4) = 0 [pid 6355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... openat resumed>) = 4 [pid 6355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] <... futex resumed>) = 0 [pid 6355] <... futex resumed>) = 1 [pid 6355] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6354] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... openat resumed>) = 5 [pid 6355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] write(4, "\x00\x00", 2) = 2 [pid 6355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6354] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6356 attached , parent_tid=[6356], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6356 [pid 6356] set_robust_list(0x7f26566289e0, 24 [pid 6354] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... set_robust_list resumed>) = 0 [pid 6354] <... futex resumed>) = 0 [pid 6356] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6354] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... openat resumed>) = 6 [pid 6355] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [ 118.464789][ T6355] loop0: detected capacity change from 0 to 256 [ 118.475062][ T6355] exfat: Deprecated parameter 'utf8' [ 118.486706][ T6355] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6356] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] <... mmap resumed>) = 0x20000000 [pid 6354] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6356] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6356] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] exit_group(0 [pid 6355] <... futex resumed>) = ? [pid 6354] <... exit_group resumed>) = ? [pid 6355] +++ exited with 0 +++ [pid 6356] <... futex resumed>) = ? [pid 6356] +++ exited with 0 +++ [pid 6354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6354, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./424/binderfs") = 0 umount2("./424/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./424/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x555556b3a6d0) = 6357 [pid 6357] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6357] chdir("./425") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6357] setpgid(0, 0) = 0 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6357] write(3, "1000", 4) = 4 [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6357] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6357] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6358 attached , parent_tid=[6358], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6358 [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6358] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6358] memfd_create("syzkaller", 0) = 3 [pid 6358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6358] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6358] munmap(0x7f2656609000, 131072) = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6358] close(3) = 0 [pid 6358] mkdir("./file2", 0777) = 0 [pid 6358] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6358] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6358] chdir("./file2") = 0 [pid 6358] ioctl(4, LOOP_CLR_FD) = 0 [pid 6358] close(4) = 0 [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... openat resumed>) = 5 [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] write(4, "\x00\x00", 2 [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... write resumed>) = 2 [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6358] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6357] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6358] <... mmap resumed>) = 0x20000000 [pid 6357] <... mmap resumed>) = 0x7f2656608000 [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... mprotect resumed>) = 0 [pid 6357] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6359 attached [pid 6359] set_robust_list(0x7f26566289e0, 24 [pid 6357] <... clone resumed>, parent_tid=[6359], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6359 [pid 6357] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... set_robust_list resumed>) = 0 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6359] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6359] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6359] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] getdents64(-1, [pid 6357] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6358] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] exit_group(0 [pid 6358] <... futex resumed>) = ? [pid 6357] <... exit_group resumed>) = ? [pid 6359] <... futex resumed>) = ? [pid 6358] +++ exited with 0 +++ [pid 6359] +++ exited with 0 +++ [pid 6357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./425/binderfs") = 0 [ 118.609504][ T6358] loop0: detected capacity change from 0 to 256 [ 118.618163][ T6358] exfat: Deprecated parameter 'utf8' [ 118.629372][ T6358] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./425/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./425/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6360 ./strace-static-x86_64: Process 6360 attached [pid 6360] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6360] chdir("./426") = 0 [pid 6360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6360] setpgid(0, 0) = 0 [pid 6360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6360] write(3, "1000", 4) = 4 [pid 6360] close(3) = 0 [pid 6360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6360] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6360] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6360] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6361], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6361 [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6361] memfd_create("syzkaller", 0) = 3 [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6361] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6361] munmap(0x7f2656609000, 131072) = 0 [pid 6361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6361] close(3) = 0 [pid 6361] mkdir("./file2", 0777) = 0 [pid 6361] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6361] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6361] chdir("./file2") = 0 [pid 6361] ioctl(4, LOOP_CLR_FD) = 0 [pid 6361] close(4) = 0 [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... openat resumed>) = 5 [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] write(4, "\x00\x00", 2 [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] <... write resumed>) = 2 [pid 6360] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... mmap resumed>) = 0x20000000 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] <... mmap resumed>) = 0x7f2656608000 [pid 6360] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6360] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6362], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6362 ./strace-static-x86_64: Process 6362 attached [pid 6360] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] set_robust_list(0x7f26566289e0, 24 [pid 6360] <... futex resumed>) = 0 [pid 6362] <... set_robust_list resumed>) = 0 [pid 6360] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6362] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6362] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6362] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = 0 [pid 6360] <... futex resumed>) = 1 [pid 6361] getdents64(-1, [pid 6360] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6361] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] exit_group(0 [pid 6361] <... futex resumed>) = ? [pid 6360] <... exit_group resumed>) = ? [pid 6361] +++ exited with 0 +++ [pid 6362] <... futex resumed>) = ? [pid 6362] +++ exited with 0 +++ [pid 6360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6360, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./426/binderfs") = 0 [ 118.718645][ T6361] loop0: detected capacity change from 0 to 256 [ 118.728754][ T6361] exfat: Deprecated parameter 'utf8' [ 118.738739][ T6361] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./426/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./426/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./426/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6363 ./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6363] chdir("./427") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6363] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6364 attached , parent_tid=[6364], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6364 [pid 6364] set_robust_list(0x7f265ea299e0, 24 [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... set_robust_list resumed>) = 0 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6364] memfd_create("syzkaller", 0) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6364] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6364] munmap(0x7f2656609000, 131072) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6364] close(3) = 0 [pid 6364] mkdir("./file2", 0777) = 0 [pid 6364] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6364] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6364] chdir("./file2") = 0 [pid 6364] ioctl(4, LOOP_CLR_FD) = 0 [pid 6364] close(4) = 0 [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... openat resumed>) = 4 [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] write(4, "\x00\x00", 2) = 2 [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6363] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6365], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6365 [pid 6363] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6365] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6365] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6365] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6365] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6363] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6364] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6364] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] exit_group(0) = ? [pid 6364] <... futex resumed>) = ? [pid 6365] <... futex resumed>) = ? [pid 6364] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ [pid 6363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6363, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./427/binderfs") = 0 umount2("./427/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 118.847433][ T6364] loop0: detected capacity change from 0 to 256 [ 118.857127][ T6364] exfat: Deprecated parameter 'utf8' [ 118.868484][ T6364] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./427/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./427/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6366 ./strace-static-x86_64: Process 6366 attached [pid 6366] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6366] chdir("./428") = 0 [pid 6366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6366] setpgid(0, 0) = 0 [pid 6366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6366] write(3, "1000", 4) = 4 [pid 6366] close(3) = 0 [pid 6366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6366] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6367 attached , parent_tid=[6367], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6367 [pid 6367] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6367] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6367] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6367] memfd_create("syzkaller", 0) = 3 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6367] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6367] munmap(0x7f2656609000, 131072) = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6367] close(3) = 0 [pid 6367] mkdir("./file2", 0777) = 0 [pid 6367] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6367] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6367] chdir("./file2") = 0 [pid 6367] ioctl(4, LOOP_CLR_FD) = 0 [pid 6367] close(4) = 0 [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... openat resumed>) = 4 [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6367] <... futex resumed>) = 1 [pid 6367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... openat resumed>) = 5 [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] write(4, "\x00\x00", 2) = 2 [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6366] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6368 attached [pid 6368] set_robust_list(0x7f26566289e0, 24 [pid 6366] <... clone resumed>, parent_tid=[6368], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6368 [pid 6368] <... set_robust_list resumed>) = 0 [pid 6366] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6368] <... openat resumed>) = 6 [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6367] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6367] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [ 118.958809][ T6367] loop0: detected capacity change from 0 to 256 [ 118.969839][ T6367] exfat: Deprecated parameter 'utf8' [ 118.980669][ T6367] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6366] exit_group(0) = ? [pid 6368] <... futex resumed>) = ? [pid 6367] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ [pid 6366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6366, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./428/binderfs") = 0 umount2("./428/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./428/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6369 ./strace-static-x86_64: Process 6369 attached [pid 6369] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6369] chdir("./429") = 0 [pid 6369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6369] setpgid(0, 0) = 0 [pid 6369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6369] write(3, "1000", 4) = 4 [pid 6369] close(3) = 0 [pid 6369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6369] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6369] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6370], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6370 ./strace-static-x86_64: Process 6370 attached [pid 6370] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6370] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6370] <... futex resumed>) = 0 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6370] memfd_create("syzkaller", 0) = 3 [pid 6370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6370] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6370] munmap(0x7f2656609000, 131072) = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6370] close(3) = 0 [pid 6370] mkdir("./file2", 0777) = 0 [pid 6370] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6370] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6370] chdir("./file2") = 0 [pid 6370] ioctl(4, LOOP_CLR_FD) = 0 [pid 6370] close(4) = 0 [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... openat resumed>) = 4 [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... openat resumed>) = 5 [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6370] write(4, "\x00\x00", 2 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... write resumed>) = 2 [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6370] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6369] <... mmap resumed>) = 0x7f2656608000 [pid 6369] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] <... mmap resumed>) = 0x20000000 [pid 6369] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... clone resumed>, parent_tid=[6371], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6371 [pid 6369] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6371 attached [pid 6371] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6371] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6371] openat(AT_FDCWD, "", O_RDONLY [pid 6370] <... futex resumed>) = 0 [pid 6371] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6371] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6370] getdents64(-1, [pid 6369] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6371] <... futex resumed>) = 1 [pid 6371] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] exit_group(0) = ? [pid 6370] <... futex resumed>) = ? [pid 6371] <... futex resumed>) = ? [pid 6371] +++ exited with 0 +++ [pid 6370] +++ exited with 0 +++ [pid 6369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6369, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./429/binderfs") = 0 [ 119.100447][ T6370] loop0: detected capacity change from 0 to 256 [ 119.109545][ T6370] exfat: Deprecated parameter 'utf8' [ 119.120447][ T6370] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./429/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./429/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./429/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6372 ./strace-static-x86_64: Process 6372 attached [pid 6372] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6372] chdir("./430") = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] setpgid(0, 0) = 0 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6372] write(3, "1000", 4) = 4 [pid 6372] close(3) = 0 [pid 6372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6372] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6372] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6373], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6373 [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6373 attached [pid 6373] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6373] memfd_create("syzkaller", 0) = 3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6373] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6373] munmap(0x7f2656609000, 131072) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6373] close(3) = 0 [pid 6373] mkdir("./file2", 0777) = 0 [pid 6373] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6373] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6373] chdir("./file2") = 0 [pid 6373] ioctl(4, LOOP_CLR_FD) = 0 [pid 6373] close(4) = 0 [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] <... futex resumed>) = 0 [pid 6372] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... openat resumed>) = 5 [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6372] <... futex resumed>) = 0 [pid 6373] write(4, "\x00\x00", 2 [pid 6372] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... write resumed>) = 2 [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... mmap resumed>) = 0x20000000 [pid 6372] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... mmap resumed>) = 0x7f2656608000 [pid 6372] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6374], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6374 [pid 6372] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6374 attached [pid 6374] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6374] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6374] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6374] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6374] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] getdents64(-1, [pid 6372] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6373] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] exit_group(0 [pid 6373] <... futex resumed>) = ? [pid 6372] <... exit_group resumed>) = ? [pid 6373] +++ exited with 0 +++ [pid 6374] <... futex resumed>) = ? [pid 6374] +++ exited with 0 +++ [pid 6372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./430/binderfs") = 0 umount2("./430/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 119.222517][ T6373] loop0: detected capacity change from 0 to 256 [ 119.232760][ T6373] exfat: Deprecated parameter 'utf8' [ 119.243669][ T6373] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./430/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6375 attached , child_tidptr=0x555556b3a6d0) = 6375 [pid 6375] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6375] chdir("./431") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6375] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6375] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6376 attached , parent_tid=[6376], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6376 [pid 6375] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6376] memfd_create("syzkaller", 0) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6376] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6376] munmap(0x7f2656609000, 131072) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./file2", 0777) = 0 [pid 6376] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6376] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./file2") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... openat resumed>) = 4 [pid 6376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] write(4, "\x00\x00", 2) = 2 [pid 6376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6375] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6377 attached , parent_tid=[6377], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6377 [pid 6375] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] set_robust_list(0x7f26566289e0, 24 [pid 6375] <... futex resumed>) = 0 [pid 6377] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6377] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6376] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6377] <... openat resumed>) = 6 [pid 6377] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6377] <... futex resumed>) = 1 [pid 6375] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6376] <... futex resumed>) = 0 [pid 6375] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6377] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6377] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6375] exit_group(0) = ? [pid 6376] <... futex resumed>) = ? [pid 6377] <... futex resumed>) = ? [pid 6376] +++ exited with 0 +++ [pid 6377] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./431/binderfs") = 0 [ 119.333160][ T6376] loop0: detected capacity change from 0 to 256 [ 119.343141][ T6376] exfat: Deprecated parameter 'utf8' [ 119.356174][ T6376] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./431/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./431/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6378 ./strace-static-x86_64: Process 6378 attached [pid 6378] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6378] chdir("./432") = 0 [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6378] setpgid(0, 0) = 0 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6378] write(3, "1000", 4) = 4 [pid 6378] close(3) = 0 [pid 6378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6378] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6378] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6379 attached [pid 6379] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6379] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] <... clone resumed>, parent_tid=[6379], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6379 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6379] memfd_create("syzkaller", 0) = 3 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6379] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6379] munmap(0x7f2656609000, 131072) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6379] close(3) = 0 [pid 6379] mkdir("./file2", 0777) = 0 [pid 6379] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6379] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6379] chdir("./file2") = 0 [pid 6379] ioctl(4, LOOP_CLR_FD) = 0 [pid 6379] close(4) = 0 [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... futex resumed>) = 1 [pid 6379] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... futex resumed>) = 1 [pid 6379] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... futex resumed>) = 1 [pid 6379] write(4, "\x00\x00", 2) = 2 [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6378] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6380], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6380 [pid 6378] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... futex resumed>) = 1 [pid 6379] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6380 attached ) = 0x20000000 [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6380] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6380] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6380] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6379] getdents64(-1, [pid 6378] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6379] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] exit_group(0 [pid 6380] <... futex resumed>) = ? [pid 6379] <... futex resumed>) = ? [pid 6378] <... exit_group resumed>) = ? [pid 6380] +++ exited with 0 +++ [pid 6379] +++ exited with 0 +++ [pid 6378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6378, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./432/binderfs") = 0 umount2("./432/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./432/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 119.465615][ T6379] loop0: detected capacity change from 0 to 256 [ 119.474344][ T6379] exfat: Deprecated parameter 'utf8' [ 119.485460][ T6379] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6381 ./strace-static-x86_64: Process 6381 attached [pid 6381] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6381] chdir("./433") = 0 [pid 6381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6381] setpgid(0, 0) = 0 [pid 6381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6381] write(3, "1000", 4) = 4 [pid 6381] close(3) = 0 [pid 6381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6381] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6381] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6381] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6382], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6382 [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6382 attached [pid 6382] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6382] memfd_create("syzkaller", 0) = 3 [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6382] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6382] munmap(0x7f2656609000, 131072) = 0 [pid 6382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6382] close(3) = 0 [pid 6382] mkdir("./file2", 0777) = 0 [pid 6382] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6382] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6382] chdir("./file2") = 0 [pid 6382] ioctl(4, LOOP_CLR_FD) = 0 [pid 6382] close(4) = 0 [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... openat resumed>) = 4 [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] <... openat resumed>) = 5 [pid 6381] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6381] <... futex resumed>) = 0 [pid 6382] write(4, "\x00\x00", 2 [pid 6381] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... write resumed>) = 2 [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6381] <... futex resumed>) = 0 [pid 6382] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6381] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... mmap resumed>) = 0x20000000 [pid 6381] <... futex resumed>) = 0 [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6382] <... futex resumed>) = 0 [pid 6381] <... mmap resumed>) = 0x7f2656608000 [pid 6382] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6381] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6383], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6383 [pid 6381] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6383 attached [pid 6383] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6383] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6383] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6383] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = 0 [pid 6381] <... futex resumed>) = 1 [pid 6382] getdents64(-1, [pid 6381] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6382] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] exit_group(0 [pid 6382] <... futex resumed>) = ? [pid 6381] <... exit_group resumed>) = ? [pid 6382] +++ exited with 0 +++ [pid 6383] <... futex resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6381, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./433/binderfs") = 0 umount2("./433/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./433/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 [ 119.571507][ T6382] loop0: detected capacity change from 0 to 256 [ 119.580103][ T6382] exfat: Deprecated parameter 'utf8' [ 119.591752][ T6382] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(4) = 0 rmdir("./433/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6384 ./strace-static-x86_64: Process 6384 attached [pid 6384] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6384] chdir("./434") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6384] setpgid(0, 0) = 0 [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6384] write(3, "1000", 4) = 4 [pid 6384] close(3) = 0 [pid 6384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6384] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6385], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6385 [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6385] memfd_create("syzkaller", 0) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6385] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6385] munmap(0x7f2656609000, 131072) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./file2", 0777) = 0 [pid 6385] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6385] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] chdir("./file2") = 0 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... openat resumed>) = 4 [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = 1 [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] write(4, "\x00\x00", 2) = 2 [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = 1 [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6384] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6386], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6386 [pid 6384] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6386 attached [pid 6386] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6386] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6386] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6386] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6386] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6384] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6385] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] exit_group(0) = ? [pid 6385] <... futex resumed>) = ? [pid 6385] +++ exited with 0 +++ [pid 6386] <... futex resumed>) = ? [pid 6386] +++ exited with 0 +++ [pid 6384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./434/binderfs") = 0 umount2("./434/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 119.676669][ T6385] loop0: detected capacity change from 0 to 256 [ 119.686288][ T6385] exfat: Deprecated parameter 'utf8' [ 119.696599][ T6385] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./434/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./434/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6387 ./strace-static-x86_64: Process 6387 attached [pid 6387] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6387] chdir("./435") = 0 [pid 6387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6387] setpgid(0, 0) = 0 [pid 6387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6387] write(3, "1000", 4) = 4 [pid 6387] close(3) = 0 [pid 6387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6387] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6387] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6388 attached , parent_tid=[6388], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6388 [pid 6388] set_robust_list(0x7f265ea299e0, 24 [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... set_robust_list resumed>) = 0 [pid 6387] <... futex resumed>) = 0 [pid 6388] memfd_create("syzkaller", 0) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6387] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6388] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6388] munmap(0x7f2656609000, 131072) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6388] close(3) = 0 [pid 6388] mkdir("./file2", 0777) = 0 [pid 6388] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6388] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6388] chdir("./file2") = 0 [pid 6388] ioctl(4, LOOP_CLR_FD) = 0 [pid 6388] close(4) = 0 [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6388] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6387] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 0 [pid 6388] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6387] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... openat resumed>) = 5 [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 0 [pid 6388] write(4, "\x00\x00", 2 [pid 6387] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... write resumed>) = 2 [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 0 [pid 6388] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6387] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... mmap resumed>) = 0x20000000 [pid 6387] <... futex resumed>) = 0 [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... mmap resumed>) = 0x7f2656608000 [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6389 attached , parent_tid=[6389], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6389 [pid 6387] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6389] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6389] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6389] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6389] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6388] getdents64(-1, [pid 6387] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6388] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6388] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] exit_group(0 [pid 6389] <... futex resumed>) = ? [pid 6388] <... futex resumed>) = ? [pid 6387] <... exit_group resumed>) = ? [pid 6389] +++ exited with 0 +++ [pid 6388] +++ exited with 0 +++ [pid 6387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6387, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./435/binderfs") = 0 umount2("./435/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./435/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 [ 119.787435][ T6388] loop0: detected capacity change from 0 to 256 [ 119.796774][ T6388] exfat: Deprecated parameter 'utf8' [ 119.805618][ T6388] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6390 ./strace-static-x86_64: Process 6390 attached [pid 6390] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6390] chdir("./436") = 0 [pid 6390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6390] setpgid(0, 0) = 0 [pid 6390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6390] write(3, "1000", 4) = 4 [pid 6390] close(3) = 0 [pid 6390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6390] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6390] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6391], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6391 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6391 attached [pid 6391] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6391] memfd_create("syzkaller", 0) = 3 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6391] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6391] munmap(0x7f2656609000, 131072) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6391] close(3) = 0 [pid 6391] mkdir("./file2", 0777) = 0 [pid 6391] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6391] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6391] chdir("./file2") = 0 [pid 6391] ioctl(4, LOOP_CLR_FD) = 0 [pid 6391] close(4) = 0 [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... futex resumed>) = 1 [pid 6391] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... futex resumed>) = 1 [pid 6391] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... futex resumed>) = 1 [pid 6391] write(4, "\x00\x00", 2) = 2 [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6390] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6390] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6392 attached , parent_tid=[6392], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6392 [pid 6390] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... futex resumed>) = 1 [pid 6391] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6392] set_robust_list(0x7f26566289e0, 24 [pid 6391] <... mmap resumed>) = 0x20000000 [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] <... set_robust_list resumed>) = 0 [pid 6392] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6392] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6392] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6390] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... futex resumed>) = 0 [pid 6391] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6391] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] exit_group(0) = ? [pid 6391] <... futex resumed>) = ? [pid 6392] <... futex resumed>) = ? [pid 6391] +++ exited with 0 +++ [pid 6392] +++ exited with 0 +++ [pid 6390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6390, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 119.885457][ T6391] loop0: detected capacity change from 0 to 256 [ 119.892335][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 119.894895][ T6391] exfat: Deprecated parameter 'utf8' [ 119.918335][ T6391] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./436/binderfs") = 0 umount2("./436/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./436/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6393 ./strace-static-x86_64: Process 6393 attached [pid 6393] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6393] chdir("./437") = 0 [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6393] setpgid(0, 0) = 0 [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6393] write(3, "1000", 4) = 4 [pid 6393] close(3) = 0 [pid 6393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6393] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6393] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6394 attached , parent_tid=[6394], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6394 [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6393] <... futex resumed>) = 0 [pid 6394] memfd_create("syzkaller", 0 [pid 6393] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6394] <... memfd_create resumed>) = 3 [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6394] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6394] munmap(0x7f2656609000, 131072) = 0 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6394] close(3) = 0 [pid 6394] mkdir("./file2", 0777) = 0 [pid 6394] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6394] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6394] chdir("./file2") = 0 [pid 6394] ioctl(4, LOOP_CLR_FD) = 0 [pid 6394] close(4) = 0 [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... futex resumed>) = 1 [pid 6394] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... futex resumed>) = 1 [pid 6394] write(4, "\x00\x00", 2) = 2 [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6393] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6395 attached , parent_tid=[6395], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6395 [pid 6395] set_robust_list(0x7f26566289e0, 24 [pid 6393] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] <... set_robust_list resumed>) = 0 [pid 6393] <... futex resumed>) = 0 [pid 6395] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6393] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] <... openat resumed>) = 6 [pid 6394] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6395] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = 0 [pid 6393] <... futex resumed>) = 1 [pid 6394] getdents64(6, [pid 6393] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6394] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6394] <... futex resumed>) = 1 [pid 6393] exit_group(0 [pid 6394] ???( [pid 6393] <... exit_group resumed>) = ? [pid 6394] <... ??? resumed>) = ? [pid 6395] <... futex resumed>) = ? [pid 6395] +++ exited with 0 +++ [pid 6394] +++ exited with 0 +++ [pid 6393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6393, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./437/binderfs") = 0 [ 120.009239][ T6394] loop0: detected capacity change from 0 to 256 [ 120.019705][ T6394] exfat: Deprecated parameter 'utf8' [ 120.030290][ T6394] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./437/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./437/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6396 ./strace-static-x86_64: Process 6396 attached [pid 6396] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6396] chdir("./438") = 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6396] setpgid(0, 0) = 0 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6396] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6396] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6397 attached , parent_tid=[6397], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6397 [pid 6397] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6397] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6396] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6397] memfd_create("syzkaller", 0) = 3 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6397] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6397] munmap(0x7f2656609000, 131072) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6397] close(3) = 0 [pid 6397] mkdir("./file2", 0777) = 0 [pid 6397] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6397] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6397] chdir("./file2") = 0 [pid 6397] ioctl(4, LOOP_CLR_FD) = 0 [pid 6397] close(4) = 0 [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... openat resumed>) = 4 [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6397] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... openat resumed>) = 5 [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] write(4, "\x00\x00", 2) = 2 [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6397] <... mmap resumed>) = 0x20000000 [pid 6396] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... mprotect resumed>) = 0 [pid 6396] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6397] <... futex resumed>) = 0 [pid 6397] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] <... clone resumed>, parent_tid=[6398], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6398 ./strace-static-x86_64: Process 6398 attached [pid 6396] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6398] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6398] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6398] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6398] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6396] <... futex resumed>) = 1 [pid 6397] getdents64(-1, [pid 6396] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6397] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6397] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] exit_group(0 [pid 6397] <... futex resumed>) = ? [pid 6396] <... exit_group resumed>) = ? [pid 6397] +++ exited with 0 +++ [pid 6398] <... futex resumed>) = ? [pid 6398] +++ exited with 0 +++ [pid 6396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6396, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./438/binderfs") = 0 umount2("./438/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 120.140770][ T6397] loop0: detected capacity change from 0 to 256 [ 120.149701][ T6397] exfat: Deprecated parameter 'utf8' [ 120.160923][ T6397] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./438/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./438/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6399 attached , child_tidptr=0x555556b3a6d0) = 6399 [pid 6399] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6399] chdir("./439") = 0 [pid 6399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6399] setpgid(0, 0) = 0 [pid 6399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6399] write(3, "1000", 4) = 4 [pid 6399] close(3) = 0 [pid 6399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6399] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6399] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6400], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6400 ./strace-static-x86_64: Process 6400 attached [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6400] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6400] memfd_create("syzkaller", 0) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6400] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6400] munmap(0x7f2656609000, 131072) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] close(3) = 0 [pid 6400] mkdir("./file2", 0777) = 0 [pid 6400] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6400] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./file2") = 0 [pid 6400] ioctl(4, LOOP_CLR_FD) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... openat resumed>) = 5 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 0 [pid 6399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6400] write(4, "\x00\x00", 2 [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... write resumed>) = 2 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 0 [pid 6399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6400] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... mmap resumed>) = 0x20000000 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = 0 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6399] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6401], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6401 ./strace-static-x86_64: Process 6401 attached [pid 6399] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6401] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6401] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6401] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6401] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6401] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = 0 [pid 6399] <... futex resumed>) = 1 [pid 6400] getdents64(-1, [pid 6399] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6400] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] exit_group(0 [pid 6401] <... futex resumed>) = ? [pid 6400] <... futex resumed>) = ? [pid 6399] <... exit_group resumed>) = ? [pid 6401] +++ exited with 0 +++ [pid 6400] +++ exited with 0 +++ [pid 6399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6399, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./439/binderfs") = 0 umount2("./439/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 120.271422][ T6400] loop0: detected capacity change from 0 to 256 [ 120.280220][ T6400] exfat: Deprecated parameter 'utf8' [ 120.290578][ T6400] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./439/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./439/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6402 ./strace-static-x86_64: Process 6402 attached [pid 6402] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6402] chdir("./440") = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0) = 0 [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6402] write(3, "1000", 4) = 4 [pid 6402] close(3) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6402] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6402] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6403], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6403 [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6403 attached [pid 6403] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6403] memfd_create("syzkaller", 0) = 3 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6403] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6403] munmap(0x7f2656609000, 131072) = 0 [pid 6403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6403] close(3) = 0 [pid 6403] mkdir("./file2", 0777) = 0 [pid 6403] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6403] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6403] chdir("./file2") = 0 [pid 6403] ioctl(4, LOOP_CLR_FD) = 0 [pid 6403] close(4) = 0 [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6403] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] <... openat resumed>) = 4 [pid 6402] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6403] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] <... openat resumed>) = 5 [pid 6402] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] write(4, "\x00\x00", 2 [pid 6402] <... futex resumed>) = 0 [pid 6403] <... write resumed>) = 2 [pid 6402] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6403] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 6403] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6402] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... mmap resumed>) = 0x20000000 [pid 6402] <... futex resumed>) = 0 [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... mmap resumed>) = 0x7f2656608000 [pid 6402] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6404 attached , parent_tid=[6404], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6404 [pid 6404] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6404] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6404] <... futex resumed>) = 0 [pid 6404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6404] openat(AT_FDCWD, "", O_RDONLY [pid 6402] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6404] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 0 [pid 6402] <... futex resumed>) = 1 [pid 6403] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6402] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] <... futex resumed>) = 0 [pid 6402] exit_group(0 [pid 6403] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6402] <... exit_group resumed>) = ? [pid 6403] +++ exited with 0 +++ [pid 6404] <... futex resumed>) = ? [pid 6404] +++ exited with 0 +++ [pid 6402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6402, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./440/binderfs") = 0 umount2("./440/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./440/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 120.391244][ T6403] loop0: detected capacity change from 0 to 256 [ 120.401088][ T6403] exfat: Deprecated parameter 'utf8' [ 120.410579][ T6403] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6405 ./strace-static-x86_64: Process 6405 attached [pid 6405] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6405] chdir("./441") = 0 [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6405] setpgid(0, 0) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 6405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6405] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6405] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6406 attached , parent_tid=[6406], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6406 [pid 6406] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6406] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6406] memfd_create("syzkaller", 0) = 3 [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6406] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6406] munmap(0x7f2656609000, 131072) = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6406] close(3) = 0 [pid 6406] mkdir("./file2", 0777) = 0 [pid 6406] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6406] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6406] chdir("./file2") = 0 [pid 6406] ioctl(4, LOOP_CLR_FD) = 0 [pid 6406] close(4) = 0 [pid 6406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] write(4, "\x00\x00", 2) = 2 [pid 6406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6406] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6405] <... mmap resumed>) = 0x7f2656608000 [pid 6405] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6407 attached , parent_tid=[6407], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6407 [pid 6406] <... mmap resumed>) = 0x20000000 [pid 6405] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6407] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6407] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6407] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... futex resumed>) = 1 [pid 6407] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6407] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6405] exit_group(0) = ? [pid 6407] <... futex resumed>) = ? [pid 6406] <... futex resumed>) = ? [pid 6407] +++ exited with 0 +++ [pid 6406] +++ exited with 0 +++ [pid 6405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6405, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./441/binderfs") = 0 umount2("./441/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 120.517784][ T6406] loop0: detected capacity change from 0 to 256 [ 120.526955][ T6406] exfat: Deprecated parameter 'utf8' [ 120.537028][ T6406] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./441/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./441/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6408 ./strace-static-x86_64: Process 6408 attached [pid 6408] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6408] chdir("./442") = 0 [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6408] setpgid(0, 0) = 0 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6408] write(3, "1000", 4) = 4 [pid 6408] close(3) = 0 [pid 6408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6408] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6408] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6409], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6409 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6409 attached [pid 6409] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6409] memfd_create("syzkaller", 0) = 3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6409] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6409] munmap(0x7f2656609000, 131072) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6409] close(3) = 0 [pid 6409] mkdir("./file2", 0777) = 0 [pid 6409] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6409] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] chdir("./file2") = 0 [pid 6409] ioctl(4, LOOP_CLR_FD) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... futex resumed>) = 1 [pid 6409] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6408] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... openat resumed>) = 5 [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... futex resumed>) = 1 [pid 6409] write(4, "\x00\x00", 2) = 2 [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... mmap resumed>) = 0x20000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... mmap resumed>) = 0x7f2656608000 [pid 6409] <... futex resumed>) = 0 [pid 6408] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6409] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... mprotect resumed>) = 0 [pid 6408] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6410], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6410 [pid 6408] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6410 attached [pid 6410] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6410] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6410] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6410] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6409] getdents64(-1, [pid 6408] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6409] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] exit_group(0 [pid 6409] <... futex resumed>) = ? [pid 6408] <... exit_group resumed>) = ? [pid 6410] <... futex resumed>) = ? [pid 6409] +++ exited with 0 +++ [pid 6410] +++ exited with 0 +++ [pid 6408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./442/binderfs") = 0 [ 120.624711][ T6409] loop0: detected capacity change from 0 to 256 [ 120.634930][ T6409] exfat: Deprecated parameter 'utf8' [ 120.644822][ T6409] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./442/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./442/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6411 ./strace-static-x86_64: Process 6411 attached [pid 6411] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6411] chdir("./443") = 0 [pid 6411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6411] setpgid(0, 0) = 0 [pid 6411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6411] write(3, "1000", 4) = 4 [pid 6411] close(3) = 0 [pid 6411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6411] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6411] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6412], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6412 [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6412 attached [pid 6412] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6412] memfd_create("syzkaller", 0) = 3 [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6412] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6412] munmap(0x7f2656609000, 131072) = 0 [pid 6412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6412] close(3) = 0 [pid 6412] mkdir("./file2", 0777) = 0 [pid 6412] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6412] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6412] chdir("./file2") = 0 [pid 6412] ioctl(4, LOOP_CLR_FD) = 0 [pid 6412] close(4) = 0 [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... futex resumed>) = 1 [pid 6412] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... futex resumed>) = 1 [pid 6412] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] write(4, "\x00\x00", 2) = 2 [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6411] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6411] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6413 attached , parent_tid=[6413], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6413 [pid 6411] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6413] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6413] openat(AT_FDCWD, "", O_RDONLY [pid 6412] <... mmap resumed>) = 0x20000000 [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6413] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6413] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6412] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6412] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6411] exit_group(0 [pid 6412] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6411] <... exit_group resumed>) = ? [pid 6413] <... futex resumed>) = ? [pid 6413] +++ exited with 0 +++ [pid 6412] +++ exited with 0 +++ [pid 6411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6411, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 120.722376][ T6412] loop0: detected capacity change from 0 to 256 [ 120.733925][ T6412] exfat: Deprecated parameter 'utf8' [ 120.747729][ T6412] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./443/binderfs") = 0 umount2("./443/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./443/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6414 ./strace-static-x86_64: Process 6414 attached [pid 6414] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6414] chdir("./444") = 0 [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6414] setpgid(0, 0) = 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6414] write(3, "1000", 4) = 4 [pid 6414] close(3) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6414] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6415 attached , parent_tid=[6415], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6415 [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] set_robust_list(0x7f265ea299e0, 24 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] <... set_robust_list resumed>) = 0 [pid 6415] memfd_create("syzkaller", 0) = 3 [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6415] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6415] munmap(0x7f2656609000, 131072) = 0 [pid 6415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6415] close(3) = 0 [pid 6415] mkdir("./file2", 0777) = 0 [pid 6415] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6415] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6415] chdir("./file2") = 0 [pid 6415] ioctl(4, LOOP_CLR_FD) = 0 [pid 6415] close(4) = 0 [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] <... futex resumed>) = 0 [pid 6415] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... openat resumed>) = 4 [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] <... futex resumed>) = 0 [pid 6415] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... openat resumed>) = 5 [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... futex resumed>) = 1 [pid 6415] write(4, "\x00\x00", 2) = 2 [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] <... futex resumed>) = 0 [pid 6415] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6414] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6414] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6415] <... mmap resumed>) = 0x20000000 [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... clone resumed>, parent_tid=[6416], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6416 ./strace-static-x86_64: Process 6416 attached [pid 6415] <... futex resumed>) = 0 [pid 6414] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] set_robust_list(0x7f26566289e0, 24 [pid 6415] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] <... futex resumed>) = 0 [pid 6416] <... set_robust_list resumed>) = 0 [pid 6414] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6416] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6416] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... futex resumed>) = 0 [pid 6415] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6415] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] exit_group(0) = ? [pid 6415] <... futex resumed>) = ? [pid 6415] +++ exited with 0 +++ [pid 6416] <... futex resumed>) = ? [pid 6416] +++ exited with 0 +++ [pid 6414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6414, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./444/binderfs") = 0 umount2("./444/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 120.849391][ T6415] loop0: detected capacity change from 0 to 256 [ 120.859548][ T6415] exfat: Deprecated parameter 'utf8' [ 120.870448][ T6415] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./444/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./444/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6417 ./strace-static-x86_64: Process 6417 attached [pid 6417] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6417] chdir("./445") = 0 [pid 6417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6417] setpgid(0, 0) = 0 [pid 6417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6417] write(3, "1000", 4) = 4 [pid 6417] close(3) = 0 [pid 6417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6417] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6417] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6418], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6418 [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6418 attached [pid 6418] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6418] memfd_create("syzkaller", 0) = 3 [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6418] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6418] munmap(0x7f2656609000, 131072) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6418] close(3) = 0 [pid 6418] mkdir("./file2", 0777) = 0 [pid 6418] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6418] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6418] chdir("./file2") = 0 [pid 6418] ioctl(4, LOOP_CLR_FD) = 0 [pid 6418] close(4) = 0 [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... openat resumed>) = 4 [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... openat resumed>) = 5 [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6418] write(4, "\x00\x00", 2 [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... write resumed>) = 2 [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6417] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6419], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6419 [pid 6417] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6419 attached [pid 6419] set_robust_list(0x7f26566289e0, 24 [pid 6418] <... mmap resumed>) = 0x20000000 [pid 6419] <... set_robust_list resumed>) = 0 [pid 6419] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6419] openat(AT_FDCWD, "", O_RDONLY [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6419] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 1 [pid 6418] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] <... futex resumed>) = 0 [pid 6419] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] getdents64(-1, [pid 6417] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6418] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] exit_group(0 [pid 6419] <... futex resumed>) = ? [pid 6418] <... futex resumed>) = ? [pid 6417] <... exit_group resumed>) = ? [pid 6419] +++ exited with 0 +++ [pid 6418] +++ exited with 0 +++ [pid 6417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6417, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 120.981938][ T6418] loop0: detected capacity change from 0 to 256 [ 120.991645][ T6418] exfat: Deprecated parameter 'utf8' [ 121.002459][ T6418] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./445/binderfs") = 0 umount2("./445/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./445/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6420 ./strace-static-x86_64: Process 6420 attached [pid 6420] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6420] chdir("./446") = 0 [pid 6420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6420] setpgid(0, 0) = 0 [pid 6420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6420] write(3, "1000", 4) = 4 [pid 6420] close(3) = 0 [pid 6420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6420] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6420] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6421 attached [pid 6421] set_robust_list(0x7f265ea299e0, 24 [pid 6420] <... clone resumed>, parent_tid=[6421], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6421 [pid 6421] <... set_robust_list resumed>) = 0 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6421] memfd_create("syzkaller", 0) = 3 [pid 6421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6421] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6421] munmap(0x7f2656609000, 131072) = 0 [pid 6421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6421] close(3) = 0 [pid 6421] mkdir("./file2", 0777) = 0 [pid 6421] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6421] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6421] chdir("./file2") = 0 [pid 6421] ioctl(4, LOOP_CLR_FD) = 0 [pid 6421] close(4) = 0 [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6421] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] <... futex resumed>) = 0 [pid 6421] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] write(4, "\x00\x00", 2) = 2 [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6421] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6420] <... mmap resumed>) = 0x7f2656608000 [pid 6420] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6421] <... mmap resumed>) = 0x20000000 [pid 6420] <... mprotect resumed>) = 0 [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6422 attached [ 121.100721][ T6421] loop0: detected capacity change from 0 to 256 [ 121.109300][ T6421] exfat: Deprecated parameter 'utf8' [ 121.120771][ T6421] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6421] <... futex resumed>) = 0 [pid 6420] <... clone resumed>, parent_tid=[6422], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6422 [pid 6422] set_robust_list(0x7f26566289e0, 24 [pid 6420] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... set_robust_list resumed>) = 0 [pid 6420] <... futex resumed>) = 0 [pid 6422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6420] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] openat(AT_FDCWD, "", O_RDONLY [pid 6421] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6422] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = 1 [pid 6420] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] <... futex resumed>) = 1 [pid 6421] <... futex resumed>) = 0 [pid 6420] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6421] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6421] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] exit_group(0 [pid 6421] <... futex resumed>) = ? [pid 6420] <... exit_group resumed>) = ? [pid 6422] <... futex resumed>) = ? [pid 6421] +++ exited with 0 +++ [pid 6422] +++ exited with 0 +++ [pid 6420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6420, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./446/binderfs") = 0 umount2("./446/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./446/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6423 ./strace-static-x86_64: Process 6423 attached [pid 6423] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6423] chdir("./447") = 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6423] setpgid(0, 0) = 0 [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6423] write(3, "1000", 4) = 4 [pid 6423] close(3) = 0 [pid 6423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6423] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6423] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6424], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6424 [pid 6423] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6424 attached [pid 6424] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6424] memfd_create("syzkaller", 0) = 3 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6424] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6424] munmap(0x7f2656609000, 131072) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6424] close(3) = 0 [pid 6424] mkdir("./file2", 0777) = 0 [pid 6424] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6424] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6424] chdir("./file2") = 0 [pid 6424] ioctl(4, LOOP_CLR_FD) = 0 [pid 6424] close(4) = 0 [pid 6424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... futex resumed>) = 1 [pid 6424] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6423] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... openat resumed>) = 5 [pid 6424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6424] <... futex resumed>) = 1 [pid 6424] write(4, "\x00\x00", 2 [pid 6423] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... write resumed>) = 2 [pid 6424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6423] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6425 attached , parent_tid=[6425], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6425 [pid 6423] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6425] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6425] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6424] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6425] <... openat resumed>) = 6 [pid 6425] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6425] <... futex resumed>) = 1 [pid 6425] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6424] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6423] exit_group(0) = ? [pid 6424] <... futex resumed>) = ? [pid 6425] <... futex resumed>) = ? [pid 6425] +++ exited with 0 +++ [pid 6424] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6423, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./447/binderfs") = 0 [ 121.237413][ T6424] loop0: detected capacity change from 0 to 256 [ 121.247124][ T6424] exfat: Deprecated parameter 'utf8' [ 121.257692][ T6424] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./447/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./447/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6426 ./strace-static-x86_64: Process 6426 attached [pid 6426] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6426] chdir("./448") = 0 [pid 6426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6426] setpgid(0, 0) = 0 [pid 6426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6426] write(3, "1000", 4) = 4 [pid 6426] close(3) = 0 [pid 6426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6426] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6426] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6427], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6427 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6427 attached [pid 6427] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6427] memfd_create("syzkaller", 0) = 3 [pid 6427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6427] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6427] munmap(0x7f2656609000, 131072) = 0 [pid 6427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6427] close(3) = 0 [pid 6427] mkdir("./file2", 0777) = 0 [pid 6427] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6427] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6427] chdir("./file2") = 0 [pid 6427] ioctl(4, LOOP_CLR_FD) = 0 [pid 6427] close(4) = 0 [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... futex resumed>) = 1 [pid 6427] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... futex resumed>) = 1 [pid 6427] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... futex resumed>) = 1 [pid 6427] write(4, "\x00\x00", 2) = 2 [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6426] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6426] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6428], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6428 [pid 6426] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... futex resumed>) = 1 [pid 6427] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6428 attached [pid 6428] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6428] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6428] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... futex resumed>) = 0 [pid 6427] getdents64(-1, [pid 6428] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6427] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6427] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6427] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] exit_group(0 [pid 6427] <... futex resumed>) = ? [pid 6426] <... exit_group resumed>) = ? [pid 6428] <... futex resumed>) = ? [pid 6427] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ [pid 6426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6426, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.343320][ T6427] loop0: detected capacity change from 0 to 256 [ 121.350358][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 121.354648][ T6427] exfat: Deprecated parameter 'utf8' [ 121.372669][ T6427] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./448/binderfs") = 0 umount2("./448/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./448/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6429 ./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6429] chdir("./449") = 0 [pid 6429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6429] setpgid(0, 0) = 0 [pid 6429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6429] write(3, "1000", 4) = 4 [pid 6429] close(3) = 0 [pid 6429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6429] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6429] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6430 attached , parent_tid=[6430], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6430 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] set_robust_list(0x7f265ea299e0, 24 [pid 6429] <... futex resumed>) = 0 [pid 6430] <... set_robust_list resumed>) = 0 [pid 6429] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6430] memfd_create("syzkaller", 0) = 3 [pid 6430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6430] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6430] munmap(0x7f2656609000, 131072) = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6430] close(3) = 0 [pid 6430] mkdir("./file2", 0777) = 0 [pid 6430] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6430] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6430] chdir("./file2") = 0 [pid 6430] ioctl(4, LOOP_CLR_FD) = 0 [pid 6430] close(4) = 0 [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] write(4, "\x00\x00", 2) = 2 [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6430] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6429] <... mmap resumed>) = 0x7f2656608000 [pid 6429] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6430] <... mmap resumed>) = 0x20000000 [pid 6429] <... mprotect resumed>) = 0 [pid 6429] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... clone resumed>, parent_tid=[6431], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6431 [pid 6430] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6431 attached [pid 6430] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6431] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6431] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6431] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6430] getdents64(-1, [pid 6429] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6431] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6430] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] exit_group(0) = ? [pid 6431] <... futex resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6430] <... futex resumed>) = ? [pid 6430] +++ exited with 0 +++ [pid 6429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6429, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./449/binderfs") = 0 [ 121.473682][ T6430] loop0: detected capacity change from 0 to 256 [ 121.483821][ T6430] exfat: Deprecated parameter 'utf8' [ 121.494799][ T6430] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./449/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./449/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6432 ./strace-static-x86_64: Process 6432 attached [pid 6432] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6432] chdir("./450") = 0 [pid 6432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6432] setpgid(0, 0) = 0 [pid 6432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6432] write(3, "1000", 4) = 4 [pid 6432] close(3) = 0 [pid 6432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6432] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6432] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6433], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6433 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6433 attached [pid 6433] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6433] memfd_create("syzkaller", 0) = 3 [pid 6433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6433] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6433] munmap(0x7f2656609000, 131072) = 0 [pid 6433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6433] close(3) = 0 [pid 6433] mkdir("./file2", 0777) = 0 [pid 6433] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6433] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6433] chdir("./file2") = 0 [pid 6433] ioctl(4, LOOP_CLR_FD) = 0 [pid 6433] close(4) = 0 [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] write(4, "\x00\x00", 2) = 2 [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6433] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6432] <... mmap resumed>) = 0x7f2656608000 [pid 6432] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6433] <... mmap resumed>) = 0x20000000 [pid 6432] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... clone resumed>, parent_tid=[6434], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6434 [pid 6432] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] <... futex resumed>) = 0 [pid 6433] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6434 attached [pid 6434] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6434] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6434] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6434] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6434] <... futex resumed>) = 1 [pid 6434] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6433] <... futex resumed>) = 0 [pid 6433] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6433] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6433] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] <... futex resumed>) = 0 [pid 6432] exit_group(0) = ? [pid 6433] <... futex resumed>) = ? [pid 6433] +++ exited with 0 +++ [pid 6434] <... futex resumed>) = ? [pid 6434] +++ exited with 0 +++ [pid 6432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6432, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./450/binderfs") = 0 [ 121.598578][ T6433] loop0: detected capacity change from 0 to 256 [ 121.607325][ T6433] exfat: Deprecated parameter 'utf8' [ 121.618629][ T6433] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./450/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./450/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6435 ./strace-static-x86_64: Process 6435 attached [pid 6435] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6435] chdir("./451") = 0 [pid 6435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6435] setpgid(0, 0) = 0 [pid 6435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6435] write(3, "1000", 4) = 4 [pid 6435] close(3) = 0 [pid 6435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6435] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6435] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6435] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6436], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6436 [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6436 attached [pid 6436] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6436] memfd_create("syzkaller", 0) = 3 [pid 6436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6436] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6436] munmap(0x7f2656609000, 131072) = 0 [pid 6436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6436] close(3) = 0 [pid 6436] mkdir("./file2", 0777) = 0 [pid 6436] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6436] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6436] chdir("./file2") = 0 [pid 6436] ioctl(4, LOOP_CLR_FD) = 0 [pid 6436] close(4) = 0 [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] <... openat resumed>) = 4 [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] <... futex resumed>) = 1 [pid 6436] write(4, "\x00\x00", 2) = 2 [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] <... futex resumed>) = 0 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6436] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6435] <... mmap resumed>) = 0x7f2656608000 [pid 6436] <... mmap resumed>) = 0x20000000 [pid 6435] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6435] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6437 attached [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... clone resumed>, parent_tid=[6437], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6437 [pid 6436] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6437] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6437] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6437] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6435] <... futex resumed>) = 1 [pid 6436] getdents64(-1, [pid 6435] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6436] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6436] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] exit_group(0 [pid 6437] <... futex resumed>) = ? [pid 6436] <... futex resumed>) = ? [pid 6435] <... exit_group resumed>) = ? [pid 6437] +++ exited with 0 +++ [pid 6436] +++ exited with 0 +++ [pid 6435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6435, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./451/binderfs") = 0 umount2("./451/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 121.725756][ T6436] loop0: detected capacity change from 0 to 256 [ 121.734393][ T6436] exfat: Deprecated parameter 'utf8' [ 121.745236][ T6436] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./451/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./451/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6438 ./strace-static-x86_64: Process 6438 attached [pid 6438] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6438] chdir("./452") = 0 [pid 6438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6438] setpgid(0, 0) = 0 [pid 6438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6438] write(3, "1000", 4) = 4 [pid 6438] close(3) = 0 [pid 6438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6438] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6439], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6439 [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6439 attached [pid 6439] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6439] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6439] munmap(0x7f2656609000, 131072) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] mkdir("./file2", 0777) = 0 [pid 6439] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6439] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6439] chdir("./file2") = 0 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = 0 [pid 6438] <... futex resumed>) = 1 [pid 6439] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... openat resumed>) = 4 [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... openat resumed>) = 5 [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [pid 6439] write(4, "\x00\x00", 2 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... write resumed>) = 2 [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... mmap resumed>) = 0x20000000 [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... futex resumed>) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6439] <... futex resumed>) = 0 [pid 6439] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... mmap resumed>) = 0x7f2656608000 [pid 6438] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6440 attached , parent_tid=[6440], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6440 [pid 6438] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] set_robust_list(0x7f26566289e0, 24 [pid 6438] <... futex resumed>) = 0 [pid 6440] <... set_robust_list resumed>) = 0 [pid 6438] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6440] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6440] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] <... futex resumed>) = 0 [pid 6438] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6439] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] exit_group(0 [pid 6439] <... futex resumed>) = ? [pid 6438] <... exit_group resumed>) = ? [pid 6439] +++ exited with 0 +++ [pid 6440] <... futex resumed>) = ? [pid 6440] +++ exited with 0 +++ [pid 6438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6438, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./452/binderfs") = 0 umount2("./452/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./452/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 121.844212][ T6439] loop0: detected capacity change from 0 to 256 [ 121.854404][ T6439] exfat: Deprecated parameter 'utf8' [ 121.864166][ T6439] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6441 ./strace-static-x86_64: Process 6441 attached [pid 6441] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6441] chdir("./453") = 0 [pid 6441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6441] setpgid(0, 0) = 0 [pid 6441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6441] write(3, "1000", 4) = 4 [pid 6441] close(3) = 0 [pid 6441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6441] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6441] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6441] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6442 attached [pid 6442] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6442] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... clone resumed>, parent_tid=[6442], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6442 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6442] memfd_create("syzkaller", 0 [pid 6441] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6442] <... memfd_create resumed>) = 3 [pid 6442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6442] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6442] munmap(0x7f2656609000, 131072) = 0 [pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6442] close(3) = 0 [pid 6442] mkdir("./file2", 0777) = 0 [pid 6442] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6442] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6442] chdir("./file2") = 0 [pid 6442] ioctl(4, LOOP_CLR_FD) = 0 [pid 6442] close(4) = 0 [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] write(4, "\x00\x00", 2) = 2 [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6442] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6441] <... mmap resumed>) = 0x7f2656608000 [pid 6441] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] <... mmap resumed>) = 0x20000000 [pid 6441] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... clone resumed>, parent_tid=[6443], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6443 [pid 6441] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6443 attached [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6443] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6443] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6443] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6443] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = 0 [pid 6441] <... futex resumed>) = 1 [pid 6442] getdents64(-1, [pid 6441] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6442] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6442] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] exit_group(0 [pid 6442] <... futex resumed>) = ? [pid 6441] <... exit_group resumed>) = ? [pid 6442] +++ exited with 0 +++ [pid 6443] +++ exited with 0 +++ [pid 6441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6441, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./453/binderfs") = 0 [ 121.964963][ T6442] loop0: detected capacity change from 0 to 256 [ 121.973642][ T6442] exfat: Deprecated parameter 'utf8' [ 121.984895][ T6442] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./453/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./453/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6444 ./strace-static-x86_64: Process 6444 attached [pid 6444] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6444] chdir("./454") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6444] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6445 attached , parent_tid=[6445], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6445 [pid 6445] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6445] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6445] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] memfd_create("syzkaller", 0) = 3 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6445] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6445] munmap(0x7f2656609000, 131072) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6445] close(3) = 0 [pid 6445] mkdir("./file2", 0777) = 0 [pid 6445] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6445] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./file2") = 0 [pid 6445] ioctl(4, LOOP_CLR_FD) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... futex resumed>) = 1 [pid 6445] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... futex resumed>) = 1 [pid 6445] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... futex resumed>) = 1 [pid 6445] write(4, "\x00\x00", 2) = 2 [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6445] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6444] <... mmap resumed>) = 0x7f2656608000 [pid 6444] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6446], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6446 ./strace-static-x86_64: Process 6446 attached [pid 6445] <... mmap resumed>) = 0x20000000 [pid 6444] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6446] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6446] openat(AT_FDCWD, "", O_RDONLY [pid 6445] <... futex resumed>) = 0 [pid 6446] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6446] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] getdents64(-1, [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6446] <... futex resumed>) = 1 [pid 6445] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6446] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] exit_group(0 [pid 6446] <... futex resumed>) = ? [pid 6445] <... futex resumed>) = ? [pid 6444] <... exit_group resumed>) = ? [pid 6446] +++ exited with 0 +++ [pid 6445] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./454/binderfs") = 0 [ 122.081966][ T6445] loop0: detected capacity change from 0 to 256 [ 122.093038][ T6445] exfat: Deprecated parameter 'utf8' [ 122.102965][ T6445] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./454/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./454/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6447 ./strace-static-x86_64: Process 6447 attached [pid 6447] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6447] chdir("./455") = 0 [pid 6447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6447] setpgid(0, 0) = 0 [pid 6447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6447] write(3, "1000", 4) = 4 [pid 6447] close(3) = 0 [pid 6447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6447] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6447] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6448 attached [pid 6448] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6448] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... clone resumed>, parent_tid=[6448], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6448 [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] <... futex resumed>) = 0 [pid 6447] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6448] memfd_create("syzkaller", 0) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6448] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6448] munmap(0x7f2656609000, 131072) = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6448] close(3) = 0 [pid 6448] mkdir("./file2", 0777) = 0 [pid 6448] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6448] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./file2") = 0 [pid 6448] ioctl(4, LOOP_CLR_FD) = 0 [pid 6448] close(4) = 0 [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6448] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... openat resumed>) = 4 [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... openat resumed>) = 5 [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] write(4, "\x00\x00", 2) = 2 [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... mmap resumed>) = 0x20000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6448] <... futex resumed>) = 0 [pid 6448] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... mmap resumed>) = 0x7f2656608000 [pid 6447] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6449], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6449 [pid 6447] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6449 attached [pid 6449] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6449] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6449] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6449] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6447] <... futex resumed>) = 1 [pid 6448] getdents64(-1, [pid 6447] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6448] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] exit_group(0 [pid 6448] <... futex resumed>) = ? [pid 6447] <... exit_group resumed>) = ? [pid 6448] +++ exited with 0 +++ [pid 6449] +++ exited with 0 +++ [pid 6447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6447, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 122.204818][ T6448] loop0: detected capacity change from 0 to 256 [ 122.214160][ T6448] exfat: Deprecated parameter 'utf8' [ 122.225506][ T6448] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./455/binderfs") = 0 umount2("./455/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./455/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6450 ./strace-static-x86_64: Process 6450 attached [pid 6450] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6450] chdir("./456") = 0 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6450] setpgid(0, 0) = 0 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6450] write(3, "1000", 4) = 4 [pid 6450] close(3) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6450] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6450] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6451 attached , parent_tid=[6451], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6451 [pid 6451] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6451] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] <... futex resumed>) = 0 [pid 6451] memfd_create("syzkaller", 0 [pid 6450] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] <... memfd_create resumed>) = 3 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6451] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6451] munmap(0x7f2656609000, 131072) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6451] close(3) = 0 [pid 6451] mkdir("./file2", 0777) = 0 [pid 6451] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6451] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6451] chdir("./file2") = 0 [pid 6451] ioctl(4, LOOP_CLR_FD) = 0 [pid 6451] close(4) = 0 [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... futex resumed>) = 0 [pid 6451] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... futex resumed>) = 0 [pid 6451] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] write(4, "\x00\x00", 2) = 2 [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6450] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6451] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6450] <... mprotect resumed>) = 0 [pid 6451] <... mmap resumed>) = 0x20000000 [pid 6450] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6452 attached [pid 6452] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6452] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6451] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... clone resumed>, parent_tid=[6452], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6452 [pid 6450] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6452] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6450] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6452] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6452] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6451] getdents64(-1, [pid 6450] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6451] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [ 122.337660][ T6451] loop0: detected capacity change from 0 to 256 [ 122.346885][ T6451] exfat: Deprecated parameter 'utf8' [ 122.358240][ T6451] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6450] exit_group(0 [pid 6452] <... futex resumed>) = ? [pid 6451] <... futex resumed>) = ? [pid 6450] <... exit_group resumed>) = ? [pid 6451] +++ exited with 0 +++ [pid 6452] +++ exited with 0 +++ [pid 6450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6450, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./456/binderfs") = 0 umount2("./456/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./456/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6453 ./strace-static-x86_64: Process 6453 attached [pid 6453] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6453] chdir("./457") = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6453] setpgid(0, 0) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [pid 6453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6453] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6454 attached , parent_tid=[6454], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6454 [pid 6454] set_robust_list(0x7f265ea299e0, 24 [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... set_robust_list resumed>) = 0 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] memfd_create("syzkaller", 0) = 3 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6454] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6454] munmap(0x7f2656609000, 131072) = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6454] close(3) = 0 [pid 6454] mkdir("./file2", 0777) = 0 [pid 6454] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6454] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6454] chdir("./file2") = 0 [pid 6454] ioctl(4, LOOP_CLR_FD) = 0 [pid 6454] close(4) = 0 [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... futex resumed>) = 0 [pid 6454] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... futex resumed>) = 1 [pid 6454] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] write(4, "\x00\x00", 2) = 2 [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6453] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6455 attached , parent_tid=[6455], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6455 [pid 6455] set_robust_list(0x7f26566289e0, 24 [pid 6453] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... set_robust_list resumed>) = 0 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6455] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6454] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... openat resumed>) = 6 [pid 6455] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... futex resumed>) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6454] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6454] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] exit_group(0 [pid 6454] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6453] <... exit_group resumed>) = ? [pid 6455] <... futex resumed>) = ? [pid 6454] +++ exited with 0 +++ [pid 6455] +++ exited with 0 +++ [pid 6453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6453, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./457/binderfs") = 0 [ 122.471589][ T6454] loop0: detected capacity change from 0 to 256 [ 122.480970][ T6454] exfat: Deprecated parameter 'utf8' [ 122.491136][ T6454] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./457/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./457/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6456 attached [pid 6456] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6456 [pid 6456] <... set_robust_list resumed>) = 0 [pid 6456] chdir("./458") = 0 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6456] setpgid(0, 0) = 0 [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6456] write(3, "1000", 4) = 4 [pid 6456] close(3) = 0 [pid 6456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6456] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6457 attached , parent_tid=[6457], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6457 [pid 6457] set_robust_list(0x7f265ea299e0, 24 [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... set_robust_list resumed>) = 0 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6457] memfd_create("syzkaller", 0) = 3 [pid 6457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6457] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6457] munmap(0x7f2656609000, 131072) = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6457] close(3) = 0 [pid 6457] mkdir("./file2", 0777) = 0 [pid 6457] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6457] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6457] chdir("./file2") = 0 [pid 6457] ioctl(4, LOOP_CLR_FD) = 0 [pid 6457] close(4) = 0 [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... futex resumed>) = 0 [pid 6457] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6457] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... openat resumed>) = 5 [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6457] write(4, "\x00\x00", 2) = 2 [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6457] <... mmap resumed>) = 0x20000000 [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... mmap resumed>) = 0x7f2656608000 [pid 6456] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6458 attached [pid 6458] set_robust_list(0x7f26566289e0, 24 [pid 6456] <... clone resumed>, parent_tid=[6458], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6458 [pid 6458] <... set_robust_list resumed>) = 0 [pid 6456] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6458] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6458] <... futex resumed>) = 1 [pid 6456] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6456] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6457] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] exit_group(0) = ? [pid 6458] <... futex resumed>) = ? [pid 6457] <... futex resumed>) = ? [pid 6457] +++ exited with 0 +++ [pid 6458] +++ exited with 0 +++ [pid 6456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6456, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./458/binderfs") = 0 umount2("./458/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.581450][ T6457] loop0: detected capacity change from 0 to 256 [ 122.590288][ T6457] exfat: Deprecated parameter 'utf8' [ 122.601072][ T6457] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./458/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./458/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6459 ./strace-static-x86_64: Process 6459 attached [pid 6459] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6459] chdir("./459") = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6459] setpgid(0, 0) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6459] write(3, "1000", 4) = 4 [pid 6459] close(3) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6459] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6460 attached , parent_tid=[6460], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6460 [pid 6460] set_robust_list(0x7f265ea299e0, 24 [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] <... set_robust_list resumed>) = 0 [pid 6460] memfd_create("syzkaller", 0) = 3 [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6460] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6460] munmap(0x7f2656609000, 131072) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6460] close(3) = 0 [pid 6460] mkdir("./file2", 0777) = 0 [pid 6460] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6460] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6460] chdir("./file2") = 0 [pid 6460] ioctl(4, LOOP_CLR_FD) = 0 [pid 6460] close(4) = 0 [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... openat resumed>) = 4 [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6459] <... futex resumed>) = 0 [pid 6460] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... openat resumed>) = 5 [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = 0 [pid 6460] <... futex resumed>) = 1 [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] write(4, "\x00\x00", 2 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... write resumed>) = 2 [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = 0 [pid 6460] <... futex resumed>) = 1 [pid 6460] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6460] <... mmap resumed>) = 0x20000000 [pid 6459] <... mmap resumed>) = 0x7f2656608000 [pid 6459] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... mprotect resumed>) = 0 [pid 6459] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6460] <... futex resumed>) = 0 [pid 6459] <... clone resumed>, parent_tid=[6461], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6461 [pid 6459] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6461 attached [pid 6461] set_robust_list(0x7f26566289e0, 24 [pid 6460] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] <... set_robust_list resumed>) = 0 [pid 6461] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6461] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6461] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] <... futex resumed>) = 0 [pid 6460] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6460] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] exit_group(0) = ? [pid 6461] <... futex resumed>) = ? [pid 6460] +++ exited with 0 +++ [pid 6461] +++ exited with 0 +++ [pid 6459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6459, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./459/binderfs") = 0 umount2("./459/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 122.697248][ T6460] loop0: detected capacity change from 0 to 256 [ 122.705874][ T6460] exfat: Deprecated parameter 'utf8' [ 122.717533][ T6460] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./459/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./459/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6462 ./strace-static-x86_64: Process 6462 attached [pid 6462] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6462] chdir("./460") = 0 [pid 6462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6462] setpgid(0, 0) = 0 [pid 6462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6462] write(3, "1000", 4) = 4 [pid 6462] close(3) = 0 [pid 6462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6462] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6462] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6463 attached , parent_tid=[6463], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6463 [pid 6463] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6463] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6463] memfd_create("syzkaller", 0) = 3 [pid 6463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6462] <... futex resumed>) = 0 [pid 6463] <... mmap resumed>) = 0x7f2656609000 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6463] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6463] munmap(0x7f2656609000, 131072) = 0 [pid 6463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6463] close(3) = 0 [pid 6463] mkdir("./file2", 0777) = 0 [pid 6463] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6463] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6463] chdir("./file2") = 0 [pid 6463] ioctl(4, LOOP_CLR_FD) = 0 [pid 6463] close(4) = 0 [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6463] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] <... futex resumed>) = 0 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] write(4, "\x00\x00", 2 [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... write resumed>) = 2 [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6463] <... mmap resumed>) = 0x20000000 [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] <... mmap resumed>) = 0x7f2656608000 [pid 6463] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6462] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6464 attached , parent_tid=[6464], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6464 [pid 6464] set_robust_list(0x7f26566289e0, 24 [pid 6462] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] <... set_robust_list resumed>) = 0 [pid 6462] <... futex resumed>) = 0 [pid 6464] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6462] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6464] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6464] <... futex resumed>) = 1 [pid 6462] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... futex resumed>) = 1 [pid 6463] <... futex resumed>) = 0 [pid 6462] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6463] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] exit_group(0) = ? [pid 6463] <... futex resumed>) = ? [pid 6464] <... futex resumed>) = ? [pid 6463] +++ exited with 0 +++ [ 122.825682][ T6463] loop0: detected capacity change from 0 to 256 [ 122.834190][ T6463] exfat: Deprecated parameter 'utf8' [ 122.844316][ T6463] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6464] +++ exited with 0 +++ [pid 6462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6462, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./460/binderfs") = 0 umount2("./460/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./460/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6465 ./strace-static-x86_64: Process 6465 attached [pid 6465] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6465] chdir("./461") = 0 [pid 6465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6465] setpgid(0, 0) = 0 [pid 6465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6465] write(3, "1000", 4) = 4 [pid 6465] close(3) = 0 [pid 6465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6465] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6465] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6466], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6466 [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6466 attached [pid 6466] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6466] memfd_create("syzkaller", 0) = 3 [pid 6466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6466] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6466] munmap(0x7f2656609000, 131072) = 0 [pid 6466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6466] close(3) = 0 [pid 6466] mkdir("./file2", 0777) = 0 [pid 6466] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6466] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6466] chdir("./file2") = 0 [pid 6466] ioctl(4, LOOP_CLR_FD) = 0 [pid 6466] close(4) = 0 [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] <... futex resumed>) = 0 [pid 6466] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6465] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... openat resumed>) = 4 [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] <... futex resumed>) = 0 [pid 6466] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6465] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... openat resumed>) = 5 [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] <... futex resumed>) = 0 [pid 6466] write(4, "\x00\x00", 2 [pid 6465] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... write resumed>) = 2 [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] <... futex resumed>) = 0 [pid 6466] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6465] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... mmap resumed>) = 0x20000000 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6466] <... futex resumed>) = 0 [pid 6465] <... mmap resumed>) = 0x7f2656608000 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6467], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6467 [pid 6465] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6467 attached [pid 6467] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6467] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6467] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6467] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6467] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = 0 [pid 6465] <... futex resumed>) = 1 [pid 6466] getdents64(-1, [pid 6465] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6466] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] exit_group(0 [pid 6467] <... futex resumed>) = ? [pid 6466] <... futex resumed>) = ? [pid 6465] <... exit_group resumed>) = ? [pid 6467] +++ exited with 0 +++ [pid 6466] +++ exited with 0 +++ [pid 6465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6465, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./461/binderfs") = 0 [ 122.963237][ T6466] loop0: detected capacity change from 0 to 256 [ 122.971937][ T6466] exfat: Deprecated parameter 'utf8' [ 122.982301][ T6466] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./461/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./461/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6468 attached , child_tidptr=0x555556b3a6d0) = 6468 [pid 6468] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6468] chdir("./462") = 0 [pid 6468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6468] setpgid(0, 0) = 0 [pid 6468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6468] write(3, "1000", 4) = 4 [pid 6468] close(3) = 0 [pid 6468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6468] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6469], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6469 ./strace-static-x86_64: Process 6469 attached [pid 6469] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6469] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6469] memfd_create("syzkaller", 0) = 3 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6469] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6469] munmap(0x7f2656609000, 131072) = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6469] close(3) = 0 [pid 6469] mkdir("./file2", 0777) = 0 [pid 6469] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6469] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6469] chdir("./file2") = 0 [pid 6469] ioctl(4, LOOP_CLR_FD) = 0 [pid 6469] close(4) = 0 [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... openat resumed>) = 5 [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] write(4, "\x00\x00", 2 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... write resumed>) = 2 [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6469] <... futex resumed>) = 1 [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6469] <... mmap resumed>) = 0x20000000 [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6469] <... futex resumed>) = 0 [pid 6468] <... mprotect resumed>) = 0 [pid 6469] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6470], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6470 ./strace-static-x86_64: Process 6470 attached [pid 6470] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6470] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6470] <... futex resumed>) = 0 [pid 6468] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6470] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6470] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6470] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6470] <... futex resumed>) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6470] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6469] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6469] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6468] exit_group(0) = ? [pid 6470] <... futex resumed>) = ? [pid 6470] +++ exited with 0 +++ [pid 6469] +++ exited with 0 +++ [pid 6468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6468, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./462/binderfs") = 0 umount2("./462/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 123.089798][ T6469] loop0: detected capacity change from 0 to 256 [ 123.098432][ T6469] exfat: Deprecated parameter 'utf8' [ 123.108490][ T6469] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./462/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./462/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6471 ./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6471] chdir("./463") = 0 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] setpgid(0, 0) = 0 [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6471] write(3, "1000", 4) = 4 [pid 6471] close(3) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6471] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6471] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6472 attached , parent_tid=[6472], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6472 [pid 6471] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6472] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6472] memfd_create("syzkaller", 0) = 3 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6472] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6472] munmap(0x7f2656609000, 131072) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6472] close(3) = 0 [pid 6472] mkdir("./file2", 0777) = 0 [pid 6472] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6472] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6472] chdir("./file2") = 0 [pid 6472] ioctl(4, LOOP_CLR_FD) = 0 [pid 6472] close(4) = 0 [pid 6472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... futex resumed>) = 1 [pid 6472] write(4, "\x00\x00", 2) = 2 [pid 6472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6471] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6472] <... futex resumed>) = 1 [pid 6471] <... clone resumed>, parent_tid=[6473], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6473 [pid 6471] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6473] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 6473] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6471] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6472] <... mmap resumed>) = 0x20000000 [pid 6473] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6473] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6473] <... futex resumed>) = 1 [pid 6473] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6472] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] exit_group(0) = ? [pid 6473] <... futex resumed>) = ? [pid 6472] <... futex resumed>) = ? [pid 6473] +++ exited with 0 +++ [pid 6472] +++ exited with 0 +++ [pid 6471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6471, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./463/binderfs") = 0 umount2("./463/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./463/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 123.250080][ T6472] loop0: detected capacity change from 0 to 256 [ 123.258744][ T6472] exfat: Deprecated parameter 'utf8' [ 123.268046][ T6472] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6474 ./strace-static-x86_64: Process 6474 attached [pid 6474] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6474] chdir("./464") = 0 [pid 6474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6474] setpgid(0, 0) = 0 [pid 6474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6474] write(3, "1000", 4) = 4 [pid 6474] close(3) = 0 [pid 6474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6474] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6474] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6475 attached [pid 6475] set_robust_list(0x7f265ea299e0, 24 [pid 6474] <... clone resumed>, parent_tid=[6475], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6475 [pid 6475] <... set_robust_list resumed>) = 0 [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6475] memfd_create("syzkaller", 0) = 3 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6475] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6475] munmap(0x7f2656609000, 131072) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6475] close(3) = 0 [pid 6475] mkdir("./file2", 0777) = 0 [pid 6475] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6475] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6475] chdir("./file2") = 0 [pid 6475] ioctl(4, LOOP_CLR_FD) = 0 [pid 6475] close(4) = 0 [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] <... futex resumed>) = 0 [pid 6475] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... openat resumed>) = 4 [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 0 [pid 6475] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6475] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] <... futex resumed>) = 0 [pid 6474] <... futex resumed>) = 1 [pid 6475] write(4, "\x00\x00", 2 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... write resumed>) = 2 [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6475] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6475] <... mmap resumed>) = 0x20000000 [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] <... mmap resumed>) = 0x7f2656608000 [pid 6474] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6475] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... mprotect resumed>) = 0 [pid 6474] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6476 attached , parent_tid=[6476], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6476 [pid 6476] set_robust_list(0x7f26566289e0, 24 [pid 6474] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... set_robust_list resumed>) = 0 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6476] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6476] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 0 [pid 6475] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6475] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6475] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] exit_group(0 [pid 6475] <... futex resumed>) = ? [pid 6474] <... exit_group resumed>) = ? [pid 6475] +++ exited with 0 +++ [pid 6476] +++ exited with 0 +++ [pid 6474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6474, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./464/binderfs") = 0 [ 123.367605][ T6475] loop0: detected capacity change from 0 to 256 [ 123.376992][ T6475] exfat: Deprecated parameter 'utf8' [ 123.389737][ T6475] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./464/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./464/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6477 attached [pid 6477] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6477] chdir("./465") = 0 [pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6477] setpgid(0, 0) = 0 [pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6477] write(3, "1000", 4) = 4 [pid 6477] close(3) = 0 [pid 6477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6477] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6477 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6477] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6478 attached , parent_tid=[6478], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6478 [pid 6478] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6478] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6478] memfd_create("syzkaller", 0) = 3 [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6478] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6478] munmap(0x7f2656609000, 131072) = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6478] close(3) = 0 [pid 6478] mkdir("./file2", 0777) = 0 [pid 6478] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6478] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6478] chdir("./file2") = 0 [pid 6478] ioctl(4, LOOP_CLR_FD) = 0 [pid 6478] close(4) = 0 [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... futex resumed>) = 0 [pid 6478] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... futex resumed>) = 1 [pid 6478] write(4, "\x00\x00", 2) = 2 [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6477] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... mmap resumed>) = 0x20000000 [pid 6477] <... futex resumed>) = 0 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6477] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... mprotect resumed>) = 0 [pid 6478] <... futex resumed>) = 0 [pid 6477] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6479 attached [pid 6478] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... clone resumed>, parent_tid=[6479], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6479 [pid 6479] set_robust_list(0x7f26566289e0, 24 [pid 6477] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] <... set_robust_list resumed>) = 0 [pid 6477] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6479] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6479] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6479] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 0 [pid 6477] <... futex resumed>) = 1 [pid 6478] getdents64(-1, [pid 6477] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6478] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] exit_group(0 [pid 6479] <... futex resumed>) = ? [pid 6478] <... futex resumed>) = ? [pid 6477] <... exit_group resumed>) = ? [pid 6479] +++ exited with 0 +++ [pid 6478] +++ exited with 0 +++ [pid 6477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6477, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./465/binderfs") = 0 umount2("./465/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.476758][ T6478] loop0: detected capacity change from 0 to 256 [ 123.487807][ T6478] exfat: Deprecated parameter 'utf8' [ 123.498923][ T6478] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./465/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./465/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6480 ./strace-static-x86_64: Process 6480 attached [pid 6480] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6480] chdir("./466") = 0 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6480] setpgid(0, 0) = 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6480] write(3, "1000", 4) = 4 [pid 6480] close(3) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6480] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6481 attached , parent_tid=[6481], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6481 [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6481] memfd_create("syzkaller", 0) = 3 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6481] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6481] munmap(0x7f2656609000, 131072) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6481] close(3) = 0 [pid 6481] mkdir("./file2", 0777) = 0 [pid 6481] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6481] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6481] chdir("./file2") = 0 [pid 6481] ioctl(4, LOOP_CLR_FD) = 0 [pid 6481] close(4) = 0 [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6481] <... futex resumed>) = 1 [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 6481] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... openat resumed>) = 5 [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] write(4, "\x00\x00", 2 [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... write resumed>) = 2 [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6481] <... mmap resumed>) = 0x20000000 [pid 6480] <... mmap resumed>) = 0x7f2656608000 [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6481] <... futex resumed>) = 0 [pid 6480] <... mprotect resumed>) = 0 [pid 6481] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6482 attached , parent_tid=[6482], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6482 [pid 6482] set_robust_list(0x7f26566289e0, 24 [pid 6480] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] <... set_robust_list resumed>) = 0 [pid 6482] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6482] openat(AT_FDCWD, "", O_RDONLY [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6482] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6482] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... futex resumed>) = 0 [pid 6482] <... futex resumed>) = 1 [pid 6482] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6481] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6481] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] exit_group(0) = ? [pid 6482] <... futex resumed>) = ? [pid 6482] +++ exited with 0 +++ [pid 6481] +++ exited with 0 +++ [pid 6480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6480, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./466/binderfs") = 0 [ 123.594574][ T6481] loop0: detected capacity change from 0 to 256 [ 123.603199][ T6481] exfat: Deprecated parameter 'utf8' [ 123.614128][ T6481] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./466/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./466/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6483 ./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6483] chdir("./467") = 0 [pid 6483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6483] setpgid(0, 0) = 0 [pid 6483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6483] write(3, "1000", 4) = 4 [pid 6483] close(3) = 0 [pid 6483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6483] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6484], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6484 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6484 attached [pid 6484] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6484] memfd_create("syzkaller", 0) = 3 [pid 6484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6484] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6484] munmap(0x7f2656609000, 131072) = 0 [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6484] close(3) = 0 [pid 6484] mkdir("./file2", 0777) = 0 [pid 6484] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6484] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6484] chdir("./file2") = 0 [pid 6484] ioctl(4, LOOP_CLR_FD) = 0 [pid 6484] close(4) = 0 [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... futex resumed>) = 1 [pid 6484] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... futex resumed>) = 1 [pid 6484] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... futex resumed>) = 1 [pid 6484] write(4, "\x00\x00", 2) = 2 [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6483] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6485], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6485 [pid 6483] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... futex resumed>) = 1 [pid 6484] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6484] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6485 attached [pid 6485] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6485] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6485] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6485] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... futex resumed>) = 0 [pid 6484] getdents64(-1, [pid 6485] <... futex resumed>) = 1 [pid 6484] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6484] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6483] exit_group(0) = ? [pid 6484] <... futex resumed>) = ? [pid 6484] +++ exited with 0 +++ [pid 6485] +++ exited with 0 +++ [pid 6483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6483, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./467/binderfs") = 0 [ 123.696363][ T6484] loop0: detected capacity change from 0 to 256 [ 123.701459][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 123.705590][ T6484] exfat: Deprecated parameter 'utf8' [ 123.723844][ T6484] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./467/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./467/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6486 ./strace-static-x86_64: Process 6486 attached [pid 6486] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6486] chdir("./468") = 0 [pid 6486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6486] setpgid(0, 0) = 0 [pid 6486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6486] write(3, "1000", 4) = 4 [pid 6486] close(3) = 0 [pid 6486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6486] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6486] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6486] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6487], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6487 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6487 attached [pid 6487] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6487] memfd_create("syzkaller", 0) = 3 [pid 6487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6487] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6487] munmap(0x7f2656609000, 131072) = 0 [pid 6487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6487] close(3) = 0 [pid 6487] mkdir("./file2", 0777) = 0 [pid 6487] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6487] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6487] chdir("./file2") = 0 [pid 6487] ioctl(4, LOOP_CLR_FD) = 0 [pid 6487] close(4) = 0 [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... futex resumed>) = 1 [pid 6487] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... futex resumed>) = 1 [pid 6487] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... futex resumed>) = 1 [pid 6487] write(4, "\x00\x00", 2) = 2 [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] <... futex resumed>) = 1 [pid 6486] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6486] <... futex resumed>) = 0 [pid 6487] <... mmap resumed>) = 0x20000000 [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6486] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6487] <... futex resumed>) = 0 [pid 6487] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] <... clone resumed>, parent_tid=[6488], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6488 [pid 6486] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6488 attached [pid 6488] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6488] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6488] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6488] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6487] getdents64(-1, [pid 6486] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6488] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6487] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6487] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6487] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] exit_group(0 [pid 6487] <... futex resumed>) = ? [pid 6486] <... exit_group resumed>) = ? [pid 6488] <... futex resumed>) = ? [pid 6487] +++ exited with 0 +++ [pid 6488] +++ exited with 0 +++ [pid 6486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6486, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./468/binderfs") = 0 [ 123.801767][ T6487] loop0: detected capacity change from 0 to 256 [ 123.812779][ T6487] exfat: Deprecated parameter 'utf8' [ 123.822596][ T6487] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./468/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./468/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6489 ./strace-static-x86_64: Process 6489 attached [pid 6489] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6489] chdir("./469") = 0 [pid 6489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6489] setpgid(0, 0) = 0 [pid 6489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6489] write(3, "1000", 4) = 4 [pid 6489] close(3) = 0 [pid 6489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6489] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6489] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6490], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6490 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6490 attached [pid 6490] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6490] memfd_create("syzkaller", 0) = 3 [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6490] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6490] munmap(0x7f2656609000, 131072) = 0 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6490] close(3) = 0 [pid 6490] mkdir("./file2", 0777) = 0 [pid 6490] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6490] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6490] chdir("./file2") = 0 [pid 6490] ioctl(4, LOOP_CLR_FD) = 0 [pid 6490] close(4) = 0 [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] write(4, "\x00\x00", 2) = 2 [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6490] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6489] <... mmap resumed>) = 0x7f2656608000 [pid 6489] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6490] <... mmap resumed>) = 0x20000000 [pid 6489] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] <... clone resumed>, parent_tid=[6491], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6491 [pid 6489] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6491 attached ) = 0 [pid 6489] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6491] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6491] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6490] <... futex resumed>) = 0 [pid 6491] openat(AT_FDCWD, "", O_RDONLY [pid 6490] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6491] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6491] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6490] <... futex resumed>) = 0 [pid 6489] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] getdents64(-1, [pid 6491] <... futex resumed>) = 1 [pid 6490] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6490] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] exit_group(0 [pid 6490] <... futex resumed>) = ? [pid 6489] <... exit_group resumed>) = ? [pid 6490] +++ exited with 0 +++ [ 123.902788][ T6490] loop0: detected capacity change from 0 to 256 [ 123.909337][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 123.912240][ T6490] exfat: Deprecated parameter 'utf8' [ 123.933448][ T6490] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6491] +++ exited with 0 +++ [pid 6489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6489, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./469/binderfs") = 0 umount2("./469/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./469/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6492 ./strace-static-x86_64: Process 6492 attached [pid 6492] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6492] chdir("./470") = 0 [pid 6492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6492] setpgid(0, 0) = 0 [pid 6492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6492] write(3, "1000", 4) = 4 [pid 6492] close(3) = 0 [pid 6492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6492] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6492] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6492] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6493], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6493 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6493 attached [pid 6493] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6493] memfd_create("syzkaller", 0) = 3 [pid 6493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6493] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6493] munmap(0x7f2656609000, 131072) = 0 [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6493] close(3) = 0 [pid 6493] mkdir("./file2", 0777) = 0 [pid 6493] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6493] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6493] chdir("./file2") = 0 [pid 6493] ioctl(4, LOOP_CLR_FD) = 0 [pid 6493] close(4) = 0 [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... futex resumed>) = 1 [pid 6493] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... futex resumed>) = 1 [pid 6493] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... futex resumed>) = 1 [pid 6493] write(4, "\x00\x00", 2) = 2 [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6492] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6492] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6494 attached , parent_tid=[6494], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6494 [pid 6492] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... futex resumed>) = 1 [pid 6494] set_robust_list(0x7f26566289e0, 24 [pid 6493] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6494] <... set_robust_list resumed>) = 0 [pid 6493] <... mmap resumed>) = 0x20000000 [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6494] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6494] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = 0 [pid 6492] <... futex resumed>) = 1 [pid 6493] getdents64(-1, [pid 6492] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6494] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6493] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] exit_group(0 [pid 6493] <... futex resumed>) = ? [pid 6492] <... exit_group resumed>) = ? [pid 6494] <... futex resumed>) = ? [pid 6493] +++ exited with 0 +++ [pid 6494] +++ exited with 0 +++ [pid 6492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6492, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.016699][ T6493] loop0: detected capacity change from 0 to 256 [ 124.023390][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 124.027429][ T6493] exfat: Deprecated parameter 'utf8' [ 124.045379][ T6493] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./470/binderfs") = 0 umount2("./470/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./470/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6495 ./strace-static-x86_64: Process 6495 attached [pid 6495] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6495] chdir("./471") = 0 [pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6495] setpgid(0, 0) = 0 [pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6495] write(3, "1000", 4) = 4 [pid 6495] close(3) = 0 [pid 6495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6495] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6495] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6496 attached , parent_tid=[6496], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6496 [pid 6496] set_robust_list(0x7f265ea299e0, 24 [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... set_robust_list resumed>) = 0 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6496] memfd_create("syzkaller", 0) = 3 [pid 6496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6496] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6496] munmap(0x7f2656609000, 131072) = 0 [pid 6496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6496] close(3) = 0 [pid 6496] mkdir("./file2", 0777) = 0 [pid 6496] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6496] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6496] chdir("./file2") = 0 [pid 6496] ioctl(4, LOOP_CLR_FD) = 0 [pid 6496] close(4) = 0 [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... openat resumed>) = 4 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6496] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6495] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... openat resumed>) = 5 [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] write(4, "\x00\x00", 2 [pid 6495] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... write resumed>) = 2 [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6496] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6496] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6495] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... mmap resumed>) = 0x20000000 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6496] <... futex resumed>) = 0 [pid 6495] <... mmap resumed>) = 0x7f2656608000 [pid 6496] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6497 attached , parent_tid=[6497], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6497 [pid 6497] set_robust_list(0x7f26566289e0, 24 [pid 6495] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6497] <... set_robust_list resumed>) = 0 [pid 6497] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6497] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6497] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6497] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6496] getdents64(-1, [pid 6495] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6496] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] exit_group(0 [pid 6497] <... futex resumed>) = ? [pid 6496] <... futex resumed>) = ? [pid 6495] <... exit_group resumed>) = ? [pid 6497] +++ exited with 0 +++ [pid 6496] +++ exited with 0 +++ [pid 6495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6495, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./471/binderfs") = 0 umount2("./471/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./471/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 124.144755][ T6496] loop0: detected capacity change from 0 to 256 [ 124.153751][ T6496] exfat: Deprecated parameter 'utf8' [ 124.163090][ T6496] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6498 ./strace-static-x86_64: Process 6498 attached [pid 6498] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6498] chdir("./472") = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6498] write(3, "1000", 4) = 4 [pid 6498] close(3) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6498] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6499], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6499 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6499 attached [pid 6499] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6499] memfd_create("syzkaller", 0) = 3 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6499] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6499] munmap(0x7f2656609000, 131072) = 0 [pid 6499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6499] close(3) = 0 [pid 6499] mkdir("./file2", 0777) = 0 [pid 6499] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6499] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] chdir("./file2") = 0 [pid 6499] ioctl(4, LOOP_CLR_FD) = 0 [pid 6499] close(4) = 0 [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] write(4, "\x00\x00", 2) = 2 [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6498] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6500], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6500 [pid 6498] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6500 attached [pid 6500] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6500] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6500] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6500] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] <... futex resumed>) = 1 [pid 6500] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6499] <... futex resumed>) = 0 [pid 6499] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6499] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] exit_group(0 [pid 6500] <... futex resumed>) = ? [pid 6499] <... futex resumed>) = ? [pid 6498] <... exit_group resumed>) = ? [pid 6500] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ [pid 6498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6498, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./472/binderfs") = 0 umount2("./472/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./472/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 124.254693][ T6499] loop0: detected capacity change from 0 to 256 [ 124.264748][ T6499] exfat: Deprecated parameter 'utf8' [ 124.275872][ T6499] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6501 ./strace-static-x86_64: Process 6501 attached [pid 6501] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6501] chdir("./473") = 0 [pid 6501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6501] setpgid(0, 0) = 0 [pid 6501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6501] write(3, "1000", 4) = 4 [pid 6501] close(3) = 0 [pid 6501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6501] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6501] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6501] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6502], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6502 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6502 attached [pid 6502] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6502] memfd_create("syzkaller", 0) = 3 [pid 6502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6502] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6502] munmap(0x7f2656609000, 131072) = 0 [pid 6502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6502] close(3) = 0 [pid 6502] mkdir("./file2", 0777) = 0 [pid 6502] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6502] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6502] chdir("./file2") = 0 [pid 6502] ioctl(4, LOOP_CLR_FD) = 0 [pid 6502] close(4) = 0 [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 1 [pid 6502] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 1 [pid 6502] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 1 [pid 6502] write(4, "\x00\x00", 2) = 2 [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6501] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6501] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6503], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6503 [pid 6502] <... futex resumed>) = 1 [pid 6501] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6501] <... futex resumed>) = 0 [pid 6502] <... mmap resumed>) = 0x20000000 [pid 6501] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6502] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6503 attached [pid 6503] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6503] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6503] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6503] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6502] getdents64(-1, [pid 6501] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6503] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6502] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6502] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6502] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] exit_group(0 [pid 6502] <... futex resumed>) = ? [pid 6501] <... exit_group resumed>) = ? [pid 6503] <... futex resumed>) = ? [pid 6502] +++ exited with 0 +++ [pid 6503] +++ exited with 0 +++ [pid 6501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6501, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./473/binderfs") = 0 [ 124.365044][ T6502] loop0: detected capacity change from 0 to 256 [ 124.374063][ T6502] exfat: Deprecated parameter 'utf8' [ 124.384849][ T6502] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./473/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./473/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6504 attached [pid 6504] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6504 [pid 6504] chdir("./474") = 0 [pid 6504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6504] setpgid(0, 0) = 0 [pid 6504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6504] write(3, "1000", 4) = 4 [pid 6504] close(3) = 0 [pid 6504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6504] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6504] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6504] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6505 attached , parent_tid=[6505], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6505 [pid 6505] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6505] <... futex resumed>) = 0 [pid 6505] memfd_create("syzkaller", 0 [pid 6504] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6505] <... memfd_create resumed>) = 3 [pid 6505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6505] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6505] munmap(0x7f2656609000, 131072) = 0 [pid 6505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6505] close(3) = 0 [pid 6505] mkdir("./file2", 0777) = 0 [pid 6505] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6505] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6505] chdir("./file2") = 0 [pid 6505] ioctl(4, LOOP_CLR_FD) = 0 [pid 6505] close(4) = 0 [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6504] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... openat resumed>) = 5 [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = 0 [pid 6504] <... futex resumed>) = 1 [pid 6505] write(4, "\x00\x00", 2 [pid 6504] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... write resumed>) = 2 [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6505] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6504] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6505] <... mmap resumed>) = 0x20000000 [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] <... mmap resumed>) = 0x7f2656608000 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6504] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6506 attached , parent_tid=[6506], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6506 [pid 6506] set_robust_list(0x7f26566289e0, 24 [pid 6504] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... set_robust_list resumed>) = 0 [pid 6504] <... futex resumed>) = 0 [pid 6504] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6506] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6506] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6506] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6506] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = 0 [pid 6504] <... futex resumed>) = 1 [pid 6505] getdents64(-1, [pid 6504] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6505] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] exit_group(0 [pid 6505] <... futex resumed>) = ? [pid 6504] <... exit_group resumed>) = ? [pid 6505] +++ exited with 0 +++ [pid 6506] <... futex resumed>) = ? [pid 6506] +++ exited with 0 +++ [pid 6504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6504, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./474/binderfs") = 0 umount2("./474/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 124.488594][ T6505] loop0: detected capacity change from 0 to 256 [ 124.497323][ T6505] exfat: Deprecated parameter 'utf8' [ 124.508245][ T6505] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./474/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6507 ./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6507] chdir("./475") = 0 [pid 6507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6507] setpgid(0, 0) = 0 [pid 6507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6507] write(3, "1000", 4) = 4 [pid 6507] close(3) = 0 [pid 6507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6507] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6507] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6508 attached , parent_tid=[6508], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6508 [pid 6508] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6508] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6508] memfd_create("syzkaller", 0) = 3 [pid 6508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6508] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6508] munmap(0x7f2656609000, 131072) = 0 [pid 6508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6508] close(3) = 0 [pid 6508] mkdir("./file2", 0777) = 0 [pid 6508] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6508] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6508] chdir("./file2") = 0 [pid 6508] ioctl(4, LOOP_CLR_FD) = 0 [pid 6508] close(4) = 0 [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 1 [pid 6508] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 1 [pid 6508] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 1 [pid 6508] write(4, "\x00\x00", 2) = 2 [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6507] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6507] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6509], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6509 [pid 6507] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 1 [pid 6508] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6509 attached [pid 6509] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6509] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6509] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6509] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 0 [pid 6508] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6508] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] <... futex resumed>) = 0 [pid 6507] exit_group(0) = ? [pid 6508] +++ exited with 0 +++ [pid 6509] <... futex resumed>) = ? [pid 6509] +++ exited with 0 +++ [pid 6507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6507, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./475/binderfs") = 0 umount2("./475/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./475/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 124.609042][ T6508] loop0: detected capacity change from 0 to 256 [ 124.618049][ T6508] exfat: Deprecated parameter 'utf8' [ 124.628697][ T6508] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6510 ./strace-static-x86_64: Process 6510 attached [pid 6510] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6510] chdir("./476") = 0 [pid 6510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6510] setpgid(0, 0) = 0 [pid 6510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6510] write(3, "1000", 4) = 4 [pid 6510] close(3) = 0 [pid 6510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6510] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6510] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6510] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6511 attached [pid 6511] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6511] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] <... clone resumed>, parent_tid=[6511], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6511 [pid 6510] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] <... futex resumed>) = 0 [pid 6510] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6511] memfd_create("syzkaller", 0) = 3 [pid 6511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6511] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6511] munmap(0x7f2656609000, 131072) = 0 [pid 6511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6511] close(3) = 0 [pid 6511] mkdir("./file2", 0777) = 0 [pid 6511] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6511] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6511] chdir("./file2") = 0 [pid 6511] ioctl(4, LOOP_CLR_FD) = 0 [pid 6511] close(4) = 0 [pid 6511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] <... futex resumed>) = 0 [pid 6511] <... futex resumed>) = 1 [pid 6510] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6510] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] <... openat resumed>) = 4 [pid 6511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] write(4, "\x00\x00", 2) = 2 [pid 6511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6510] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6510] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6512 attached , parent_tid=[6512], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6512 [pid 6512] set_robust_list(0x7f26566289e0, 24 [pid 6510] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6512] <... set_robust_list resumed>) = 0 [pid 6512] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6511] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6512] <... openat resumed>) = 6 [pid 6512] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6512] <... futex resumed>) = 1 [pid 6511] <... mmap resumed>) = 0x20000000 [pid 6512] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6512] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] <... futex resumed>) = 0 [pid 6512] <... futex resumed>) = 1 [pid 6512] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6511] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] exit_group(0) = ? [pid 6511] <... futex resumed>) = ? [pid 6512] <... futex resumed>) = ? [pid 6511] +++ exited with 0 +++ [pid 6512] +++ exited with 0 +++ [pid 6510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6510, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 124.718522][ T6511] loop0: detected capacity change from 0 to 256 [ 124.727615][ T6511] exfat: Deprecated parameter 'utf8' [ 124.737735][ T6511] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) unlink("./476/binderfs") = 0 umount2("./476/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./476/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6513 ./strace-static-x86_64: Process 6513 attached [pid 6513] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6513] chdir("./477") = 0 [pid 6513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6513] setpgid(0, 0) = 0 [pid 6513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6513] write(3, "1000", 4) = 4 [pid 6513] close(3) = 0 [pid 6513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6513] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6513] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6514 attached [pid 6514] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6514] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] <... clone resumed>, parent_tid=[6514], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6514 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6514] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6514] memfd_create("syzkaller", 0) = 3 [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6514] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6514] munmap(0x7f2656609000, 131072) = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6514] close(3) = 0 [pid 6514] mkdir("./file2", 0777) = 0 [pid 6514] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6514] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6514] chdir("./file2") = 0 [pid 6514] ioctl(4, LOOP_CLR_FD) = 0 [pid 6514] close(4) = 0 [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 1 [pid 6514] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 1 [pid 6514] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6514] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 0 [pid 6514] write(4, "\x00\x00", 2) = 2 [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6513] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6513] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6515], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6515 ./strace-static-x86_64: Process 6515 attached [pid 6513] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 1 [pid 6514] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6515] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6514] <... mmap resumed>) = 0x20000000 [pid 6515] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6515] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 0 [pid 6514] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6514] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] exit_group(0) = ? [pid 6514] <... futex resumed>) = ? [pid 6515] <... futex resumed>) = ? [pid 6514] +++ exited with 0 +++ [pid 6515] +++ exited with 0 +++ [pid 6513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6513, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./477/binderfs") = 0 umount2("./477/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./477/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 [ 124.852039][ T6514] loop0: detected capacity change from 0 to 256 [ 124.861230][ T6514] exfat: Deprecated parameter 'utf8' [ 124.872981][ T6514] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./477/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6516 ./strace-static-x86_64: Process 6516 attached [pid 6516] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6516] chdir("./478") = 0 [pid 6516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6516] setpgid(0, 0) = 0 [pid 6516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6516] write(3, "1000", 4) = 4 [pid 6516] close(3) = 0 [pid 6516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6516] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6516] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6516] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6517], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6517 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6517 attached [pid 6517] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6517] memfd_create("syzkaller", 0) = 3 [pid 6517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6517] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6517] munmap(0x7f2656609000, 131072) = 0 [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6517] close(3) = 0 [pid 6517] mkdir("./file2", 0777) = 0 [pid 6517] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6517] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6517] chdir("./file2") = 0 [pid 6517] ioctl(4, LOOP_CLR_FD) = 0 [pid 6517] close(4) = 0 [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] write(4, "\x00\x00", 2) = 2 [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6516] <... futex resumed>) = 0 [pid 6517] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... mmap resumed>) = 0x20000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... mmap resumed>) = 0x7f2656608000 [pid 6517] <... futex resumed>) = 0 [pid 6516] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6517] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] <... mprotect resumed>) = 0 [pid 6516] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6518 attached [pid 6518] set_robust_list(0x7f26566289e0, 24 [pid 6516] <... clone resumed>, parent_tid=[6518], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6518 [pid 6518] <... set_robust_list resumed>) = 0 [pid 6516] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6516] <... futex resumed>) = 0 [pid 6518] openat(AT_FDCWD, "", O_RDONLY [pid 6516] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6518] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = 0 [pid 6516] <... futex resumed>) = 1 [pid 6517] getdents64(-1, [pid 6516] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6517] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6516] <... futex resumed>) = 0 [pid 6517] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] exit_group(0 [pid 6518] <... futex resumed>) = ? [pid 6517] <... futex resumed>) = ? [pid 6516] <... exit_group resumed>) = ? [pid 6518] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ [pid 6516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6516, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./478/binderfs") = 0 umount2("./478/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./478/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 124.956328][ T6517] loop0: detected capacity change from 0 to 256 [ 124.964735][ T6517] exfat: Deprecated parameter 'utf8' [ 124.975706][ T6517] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6519 ./strace-static-x86_64: Process 6519 attached [pid 6519] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6519] chdir("./479") = 0 [pid 6519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6519] setpgid(0, 0) = 0 [pid 6519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6519] write(3, "1000", 4) = 4 [pid 6519] close(3) = 0 [pid 6519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6519] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6519] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6519] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6520], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6520 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6520 attached [pid 6520] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6520] memfd_create("syzkaller", 0) = 3 [pid 6520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6520] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6520] munmap(0x7f2656609000, 131072) = 0 [pid 6520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6520] close(3) = 0 [pid 6520] mkdir("./file2", 0777) = 0 [pid 6520] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6520] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6520] chdir("./file2") = 0 [pid 6520] ioctl(4, LOOP_CLR_FD) = 0 [pid 6520] close(4) = 0 [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] write(4, "\x00\x00", 2) = 2 [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6520] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6519] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6520] <... mmap resumed>) = 0x20000000 [pid 6519] <... mprotect resumed>) = 0 [pid 6519] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6521 attached [pid 6519] <... clone resumed>, parent_tid=[6521], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6521 [pid 6519] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... futex resumed>) = 0 [pid 6520] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6521] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6521] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6521] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6521] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... futex resumed>) = 0 [pid 6519] <... futex resumed>) = 1 [pid 6520] getdents64(-1, [pid 6519] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6520] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6520] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] exit_group(0 [pid 6520] <... futex resumed>) = ? [pid 6519] <... exit_group resumed>) = ? [pid 6520] +++ exited with 0 +++ [pid 6521] +++ exited with 0 +++ [pid 6519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6519, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./479/binderfs") = 0 umount2("./479/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./479/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.065158][ T6520] loop0: detected capacity change from 0 to 256 [ 125.074974][ T6520] exfat: Deprecated parameter 'utf8' [ 125.086528][ T6520] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./479/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6522 attached , child_tidptr=0x555556b3a6d0) = 6522 [pid 6522] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6522] chdir("./480") = 0 [pid 6522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6522] setpgid(0, 0) = 0 [pid 6522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6522] write(3, "1000", 4) = 4 [pid 6522] close(3) = 0 [pid 6522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6522] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6522] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6523], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6523 [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6523 attached [pid 6523] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6523] memfd_create("syzkaller", 0) = 3 [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6523] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6523] munmap(0x7f2656609000, 131072) = 0 [pid 6523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6523] close(3) = 0 [pid 6523] mkdir("./file2", 0777) = 0 [pid 6523] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6523] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6523] chdir("./file2") = 0 [pid 6523] ioctl(4, LOOP_CLR_FD) = 0 [pid 6523] close(4) = 0 [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6522] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... openat resumed>) = 4 [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... openat resumed>) = 5 [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6523] write(4, "\x00\x00", 2 [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] <... write resumed>) = 2 [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... futex resumed>) = 0 [pid 6523] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6522] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... mmap resumed>) = 0x20000000 [pid 6522] <... futex resumed>) = 0 [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... mmap resumed>) = 0x7f2656608000 [pid 6523] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6524 attached [pid 6524] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6524] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... clone resumed>, parent_tid=[6524], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6524 [pid 6522] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6524] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6524] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6524] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6522] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] getdents64(-1, [pid 6522] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6523] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6523] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] exit_group(0 [pid 6523] <... futex resumed>) = ? [pid 6522] <... exit_group resumed>) = ? [pid 6523] +++ exited with 0 +++ [pid 6524] <... futex resumed>) = ? [pid 6524] +++ exited with 0 +++ [pid 6522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6522, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./480/binderfs") = 0 [ 125.204163][ T6523] loop0: detected capacity change from 0 to 256 [ 125.213312][ T6523] exfat: Deprecated parameter 'utf8' [ 125.222761][ T6523] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./480/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./480/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6525 ./strace-static-x86_64: Process 6525 attached [pid 6525] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6525] chdir("./481") = 0 [pid 6525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6525] setpgid(0, 0) = 0 [pid 6525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6525] write(3, "1000", 4) = 4 [pid 6525] close(3) = 0 [pid 6525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6525] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6525] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6525] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6526], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6526 [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6526 attached [pid 6526] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6526] memfd_create("syzkaller", 0) = 3 [pid 6526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6526] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6526] munmap(0x7f2656609000, 131072) = 0 [pid 6526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6526] close(3) = 0 [pid 6526] mkdir("./file2", 0777) = 0 [pid 6526] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6526] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6526] chdir("./file2") = 0 [pid 6526] ioctl(4, LOOP_CLR_FD) = 0 [pid 6526] close(4) = 0 [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6525] <... futex resumed>) = 0 [pid 6526] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6525] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... openat resumed>) = 4 [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 1 [pid 6526] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6525] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... openat resumed>) = 5 [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] write(4, "\x00\x00", 2 [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... write resumed>) = 2 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6526] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... mmap resumed>) = 0x20000000 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6525] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6525] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6527], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6527 [pid 6525] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6527 attached [pid 6527] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6527] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6527] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6527] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] <... futex resumed>) = 0 [pid 6525] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 1 [pid 6526] getdents64(-1, [pid 6525] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6526] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] exit_group(0 [pid 6526] <... futex resumed>) = ? [pid 6525] <... exit_group resumed>) = ? [pid 6526] +++ exited with 0 +++ [pid 6527] <... futex resumed>) = ? [pid 6527] +++ exited with 0 +++ [pid 6525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6525, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./481/binderfs") = 0 [ 125.323204][ T6526] loop0: detected capacity change from 0 to 256 [ 125.333228][ T6526] exfat: Deprecated parameter 'utf8' [ 125.343827][ T6526] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./481/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./481/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6528 ./strace-static-x86_64: Process 6528 attached [pid 6528] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6528] chdir("./482") = 0 [pid 6528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6528] setpgid(0, 0) = 0 [pid 6528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6528] write(3, "1000", 4) = 4 [pid 6528] close(3) = 0 [pid 6528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6528] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6529], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6529 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6529 attached [pid 6529] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6529] memfd_create("syzkaller", 0) = 3 [pid 6529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6529] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6529] munmap(0x7f2656609000, 131072) = 0 [pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6529] close(3) = 0 [pid 6529] mkdir("./file2", 0777) = 0 [pid 6529] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6529] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6529] chdir("./file2") = 0 [pid 6529] ioctl(4, LOOP_CLR_FD) = 0 [pid 6529] close(4) = 0 [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... futex resumed>) = 1 [pid 6529] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... futex resumed>) = 1 [pid 6529] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... futex resumed>) = 1 [pid 6529] write(4, "\x00\x00", 2) = 2 [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6528] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6530], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6530 [pid 6528] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... futex resumed>) = 1 [pid 6529] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6530 attached [pid 6530] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6530] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6530] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6530] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... futex resumed>) = 0 [pid 6529] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6529] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] exit_group(0) = ? [pid 6529] <... futex resumed>) = ? [pid 6529] +++ exited with 0 +++ [pid 6530] <... futex resumed>) = ? [pid 6530] +++ exited with 0 +++ [pid 6528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6528, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./482/binderfs") = 0 umount2("./482/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./482/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 125.431880][ T6529] loop0: detected capacity change from 0 to 256 [ 125.439521][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.442166][ T6529] exfat: Deprecated parameter 'utf8' [ 125.460554][ T6529] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6531 ./strace-static-x86_64: Process 6531 attached [pid 6531] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6531] chdir("./483") = 0 [pid 6531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6531] setpgid(0, 0) = 0 [pid 6531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6531] write(3, "1000", 4) = 4 [pid 6531] close(3) = 0 [pid 6531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6531] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6531] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6532], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6532 ./strace-static-x86_64: Process 6532 attached [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] set_robust_list(0x7f265ea299e0, 24 [pid 6531] <... futex resumed>) = 0 [pid 6532] <... set_robust_list resumed>) = 0 [pid 6532] memfd_create("syzkaller", 0 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6532] <... memfd_create resumed>) = 3 [pid 6532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6532] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6532] munmap(0x7f2656609000, 131072) = 0 [pid 6532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6532] close(3) = 0 [pid 6532] mkdir("./file2", 0777) = 0 [pid 6532] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6532] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6532] chdir("./file2") = 0 [pid 6532] ioctl(4, LOOP_CLR_FD) = 0 [pid 6532] close(4) = 0 [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... openat resumed>) = 4 [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... openat resumed>) = 5 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... futex resumed>) = 0 [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6532] write(4, "\x00\x00", 2 [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... write resumed>) = 2 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... futex resumed>) = 0 [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6532] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = 0 [pid 6531] <... futex resumed>) = 1 [pid 6532] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6531] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... mmap resumed>) = 0x20000000 [pid 6531] <... futex resumed>) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... mmap resumed>) = 0x7f2656608000 [pid 6532] <... futex resumed>) = 0 [pid 6531] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6532] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] <... mprotect resumed>) = 0 [pid 6531] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6533 attached , parent_tid=[6533], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6533 [pid 6533] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6533] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] <... futex resumed>) = 0 [pid 6531] <... futex resumed>) = 1 [pid 6533] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6531] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6533] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6533] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6533] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... futex resumed>) = 0 [pid 6532] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6532] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] exit_group(0 [pid 6533] <... futex resumed>) = ? [pid 6533] +++ exited with 0 +++ [pid 6532] <... futex resumed>) = ? [pid 6531] <... exit_group resumed>) = ? [pid 6532] +++ exited with 0 +++ [pid 6531] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6531, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./483/binderfs") = 0 [ 125.554722][ T6532] loop0: detected capacity change from 0 to 256 [ 125.563634][ T6532] exfat: Deprecated parameter 'utf8' [ 125.572970][ T6532] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./483/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./483/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6534 ./strace-static-x86_64: Process 6534 attached [pid 6534] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6534] chdir("./484") = 0 [pid 6534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6534] setpgid(0, 0) = 0 [pid 6534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6534] write(3, "1000", 4) = 4 [pid 6534] close(3) = 0 [pid 6534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6534] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6534] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6535 attached , parent_tid=[6535], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6535 [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6535] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6535] memfd_create("syzkaller", 0) = 3 [pid 6535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6535] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6535] munmap(0x7f2656609000, 131072) = 0 [pid 6535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6535] close(3) = 0 [pid 6535] mkdir("./file2", 0777) = 0 [pid 6535] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6535] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6535] chdir("./file2") = 0 [pid 6535] ioctl(4, LOOP_CLR_FD) = 0 [pid 6535] close(4) = 0 [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... futex resumed>) = 1 [pid 6535] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6535] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6534] <... futex resumed>) = 0 [pid 6535] write(4, "\x00\x00", 2 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... write resumed>) = 2 [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6535] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6534] <... futex resumed>) = 0 [pid 6535] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6534] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6535] <... mmap resumed>) = 0x20000000 [pid 6534] <... mmap resumed>) = 0x7f2656608000 [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6535] <... futex resumed>) = 0 [pid 6535] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] <... mprotect resumed>) = 0 [pid 6534] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6536 attached , parent_tid=[6536], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6536 [pid 6536] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6536] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... futex resumed>) = 0 [pid 6536] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6536] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6536] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... futex resumed>) = 1 [pid 6535] <... futex resumed>) = 0 [pid 6536] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6535] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6535] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] exit_group(0 [pid 6535] <... futex resumed>) = ? [pid 6534] <... exit_group resumed>) = ? [pid 6535] +++ exited with 0 +++ [pid 6536] <... futex resumed>) = ? [pid 6536] +++ exited with 0 +++ [pid 6534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6534, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./484/binderfs") = 0 umount2("./484/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.677397][ T6535] loop0: detected capacity change from 0 to 256 [ 125.685745][ T6535] exfat: Deprecated parameter 'utf8' [ 125.697602][ T6535] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./484/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./484/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6537 attached [pid 6537] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6537 [pid 6537] chdir("./485") = 0 [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6537] setpgid(0, 0) = 0 [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6537] write(3, "1000", 4) = 4 [pid 6537] close(3) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6537] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6537] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6538], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6538 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6538 attached [pid 6538] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6538] memfd_create("syzkaller", 0) = 3 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6538] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6538] munmap(0x7f2656609000, 131072) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] mkdir("./file2", 0777) = 0 [pid 6538] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6538] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6538] chdir("./file2") = 0 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... futex resumed>) = 1 [pid 6538] write(4, "\x00\x00", 2) = 2 [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6537] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... mmap resumed>) = 0x20000000 [pid 6537] <... futex resumed>) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6537] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... mprotect resumed>) = 0 [pid 6538] <... futex resumed>) = 0 [pid 6537] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6539 attached [pid 6538] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... clone resumed>, parent_tid=[6539], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6539 [pid 6537] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6539] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6539] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6539] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] getdents64(-1, [pid 6537] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6538] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6539] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6538] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] exit_group(0 [pid 6538] <... futex resumed>) = ? [pid 6537] <... exit_group resumed>) = ? [pid 6538] +++ exited with 0 +++ [pid 6539] <... futex resumed>) = ? [pid 6539] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./485/binderfs") = 0 [ 125.791567][ T6538] loop0: detected capacity change from 0 to 256 [ 125.800470][ T6538] exfat: Deprecated parameter 'utf8' [ 125.812604][ T6538] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./485/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./485/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6540 ./strace-static-x86_64: Process 6540 attached [pid 6540] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6540] chdir("./486") = 0 [pid 6540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6540] setpgid(0, 0) = 0 [pid 6540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6540] write(3, "1000", 4) = 4 [pid 6540] close(3) = 0 [pid 6540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6540] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6540] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6541 attached , parent_tid=[6541], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6541 [pid 6541] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6541] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6541] <... futex resumed>) = 0 [pid 6540] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] memfd_create("syzkaller", 0) = 3 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6541] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6541] munmap(0x7f2656609000, 131072) = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6541] close(3) = 0 [pid 6541] mkdir("./file2", 0777) = 0 [pid 6541] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6541] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6541] chdir("./file2") = 0 [pid 6541] ioctl(4, LOOP_CLR_FD) = 0 [pid 6541] close(4) = 0 [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] write(4, "\x00\x00", 2) = 2 [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] <... futex resumed>) = 1 [pid 6540] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... mmap resumed>) = 0x20000000 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6540] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6542 attached [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] <... clone resumed>, parent_tid=[6542], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6542 [pid 6541] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6542] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6542] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6542] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6542] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6542] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... futex resumed>) = 0 [pid 6540] <... futex resumed>) = 1 [pid 6541] getdents64(-1, [pid 6540] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6541] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6541] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] exit_group(0 [pid 6542] <... futex resumed>) = ? [pid 6541] <... futex resumed>) = ? [pid 6540] <... exit_group resumed>) = ? [pid 6542] +++ exited with 0 +++ [pid 6541] +++ exited with 0 +++ [pid 6540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6540, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./486/binderfs") = 0 umount2("./486/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.927523][ T6541] loop0: detected capacity change from 0 to 256 [ 125.937160][ T6541] exfat: Deprecated parameter 'utf8' [ 125.949312][ T6541] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./486/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./486/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6543 attached , child_tidptr=0x555556b3a6d0) = 6543 [pid 6543] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6543] chdir("./487") = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6543] setpgid(0, 0) = 0 [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6543] write(3, "1000", 4) = 4 [pid 6543] close(3) = 0 [pid 6543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6543] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6543] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6544], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6544 [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6544 attached [pid 6544] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6544] memfd_create("syzkaller", 0) = 3 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6544] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6544] munmap(0x7f2656609000, 131072) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6544] close(3) = 0 [pid 6544] mkdir("./file2", 0777) = 0 [pid 6544] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6544] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6544] chdir("./file2") = 0 [pid 6544] ioctl(4, LOOP_CLR_FD) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] <... openat resumed>) = 5 [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] write(4, "\x00\x00", 2 [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] <... write resumed>) = 2 [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6543] <... futex resumed>) = 0 [pid 6544] <... mmap resumed>) = 0x20000000 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... mmap resumed>) = 0x7f2656608000 [pid 6544] <... futex resumed>) = 0 [pid 6543] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6544] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] <... mprotect resumed>) = 0 [pid 6543] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6545], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6545 ./strace-static-x86_64: Process 6545 attached [pid 6545] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6545] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6545] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6545] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6545] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = 0 [pid 6543] <... futex resumed>) = 1 [pid 6544] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6543] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6544] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] exit_group(0) = ? [pid 6544] <... futex resumed>) = ? [pid 6545] <... futex resumed>) = ? [pid 6545] +++ exited with 0 +++ [pid 6544] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6543, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./487/binderfs") = 0 umount2("./487/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./487/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 126.053059][ T6544] loop0: detected capacity change from 0 to 256 [ 126.062179][ T6544] exfat: Deprecated parameter 'utf8' [ 126.071453][ T6544] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6546 ./strace-static-x86_64: Process 6546 attached [pid 6546] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6546] chdir("./488") = 0 [pid 6546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6546] setpgid(0, 0) = 0 [pid 6546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6546] write(3, "1000", 4) = 4 [pid 6546] close(3) = 0 [pid 6546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6546] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6546] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6546] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6547], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6547 [pid 6546] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6547 attached [pid 6547] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6547] memfd_create("syzkaller", 0) = 3 [pid 6547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6547] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6547] munmap(0x7f2656609000, 131072) = 0 [pid 6547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6547] close(3) = 0 [pid 6547] mkdir("./file2", 0777) = 0 [pid 6547] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6547] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6547] chdir("./file2") = 0 [pid 6547] ioctl(4, LOOP_CLR_FD) = 0 [pid 6547] close(4) = 0 [pid 6547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6547] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6546] <... futex resumed>) = 0 [pid 6547] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6546] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... openat resumed>) = 4 [pid 6547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6546] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... openat resumed>) = 5 [pid 6547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6547] write(4, "\x00\x00", 2 [pid 6546] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... write resumed>) = 2 [pid 6547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6546] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6546] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6547] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6548 attached [pid 6546] <... clone resumed>, parent_tid=[6548], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6548 [pid 6548] set_robust_list(0x7f26566289e0, 24 [pid 6546] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] <... set_robust_list resumed>) = 0 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6548] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 6548] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [ 126.163162][ T6547] loop0: detected capacity change from 0 to 256 [ 126.172522][ T6547] exfat: Deprecated parameter 'utf8' [ 126.183727][ T6547] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6548] getdents64(6, [pid 6546] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] <... mmap resumed>) = 0x20000000 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.229693][ T6548] [ 126.232084][ T6548] ====================================================== [ 126.239104][ T6548] WARNING: possible circular locking dependency detected [ 126.246113][ T6548] 6.3.0-rc3-syzkaller #0 Not tainted [ 126.251393][ T6548] ------------------------------------------------------ [ 126.258407][ T6548] syz-executor377/6548 is trying to acquire lock: [ 126.264808][ T6548] ffff8880766bc998 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x486/0x7c0 [ 126.273881][ T6548] [pid 6547] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6546] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6546] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 126.273881][ T6548] but task is already holding lock: [ 126.281240][ T6548] ffff88807c2640e0 (&sbi->s_lock){+.+.}-{3:3}, at: exfat_iterate+0x171/0x3370 [ 126.290125][ T6548] [ 126.290125][ T6548] which lock already depends on the new lock. [ 126.290125][ T6548] [ 126.300522][ T6548] [ 126.300522][ T6548] the existing dependency chain (in reverse order) is: [ 126.309543][ T6548] [ 126.309543][ T6548] -> #2 (&sbi->s_lock){+.+.}-{3:3}: [ 126.316932][ T6548] lock_acquire+0x1e1/0x520 [ 126.321973][ T6548] __mutex_lock_common+0x1d8/0x2530 [ 126.327697][ T6548] mutex_lock_nested+0x1b/0x20 [ 126.332991][ T6548] exfat_get_block+0x1e5/0x2050 [ 126.338401][ T6548] do_mpage_readpage+0x911/0x1fa0 [ 126.343954][ T6548] mpage_readahead+0x454/0x930 [ 126.349238][ T6548] read_pages+0x183/0x830 [ 126.354087][ T6548] page_cache_ra_unbounded+0x697/0x7c0 [ 126.360060][ T6548] filemap_get_pages+0x49c/0x20c0 [ 126.365615][ T6548] filemap_read+0x45a/0x1170 [ 126.370762][ T6548] __kernel_read+0x422/0x8a0 [pid 6546] exit_group(0 [pid 6547] <... futex resumed>) = ? [pid 6546] <... exit_group resumed>) = ? [pid 6547] +++ exited with 0 +++ [ 126.375908][ T6548] integrity_kernel_read+0xb0/0xf0 [ 126.381561][ T6548] ima_calc_file_hash+0xa5b/0x1c00 [ 126.387200][ T6548] ima_collect_measurement+0x3a7/0x880 [ 126.393193][ T6548] process_measurement+0xfdb/0x1ce0 [ 126.398931][ T6548] ima_file_check+0xf1/0x170 [ 126.404070][ T6548] path_openat+0x280a/0x3170 [ 126.409189][ T6548] do_filp_open+0x234/0x490 [ 126.414212][ T6548] do_sys_openat2+0x13f/0x500 [ 126.419409][ T6548] __x64_sys_openat+0x247/0x290 [ 126.424779][ T6548] do_syscall_64+0x41/0xc0 [ 126.429717][ T6548] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.436145][ T6548] [ 126.436145][ T6548] -> #1 (mapping.invalidate_lock#3){.+.+}-{3:3}: [ 126.444658][ T6548] lock_acquire+0x1e1/0x520 [ 126.449673][ T6548] down_read+0x3d/0x50 [ 126.454273][ T6548] filemap_fault+0x644/0x1800 [ 126.459477][ T6548] __do_fault+0x136/0x500 [ 126.464328][ T6548] handle_mm_fault+0x3357/0x51c0 [ 126.469798][ T6548] __get_user_pages+0x512/0x1180 [ 126.475281][ T6548] __gup_longterm_locked+0x208c/0x2aa0 [ 126.481267][ T6548] pin_user_pages_remote+0x136/0x200 [ 126.487080][ T6548] process_vm_rw+0x72b/0xcd0 [ 126.492207][ T6548] __x64_sys_process_vm_readv+0xe0/0xf0 [ 126.498286][ T6548] do_syscall_64+0x41/0xc0 [ 126.503244][ T6548] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.509662][ T6548] [ 126.509662][ T6548] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 126.517216][ T6548] validate_chain+0x166b/0x58e0 [ 126.522581][ T6548] __lock_acquire+0x125b/0x1f80 [ 126.527955][ T6548] lock_acquire+0x1e1/0x520 [ 126.532975][ T6548] down_read+0x3d/0x50 [ 126.537567][ T6548] exc_page_fault+0x486/0x7c0 [ 126.542779][ T6548] asm_exc_page_fault+0x26/0x30 [ 126.548149][ T6548] filldir64+0x30b/0x720 [ 126.553085][ T6548] exfat_iterate+0x2b8/0x3370 [ 126.558284][ T6548] iterate_dir+0x228/0x570 [ 126.563217][ T6548] __se_sys_getdents64+0x20d/0x4f0 [ 126.568857][ T6548] do_syscall_64+0x41/0xc0 [ 126.573799][ T6548] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.580231][ T6548] [ 126.580231][ T6548] other info that might help us debug this: [ 126.580231][ T6548] [ 126.590460][ T6548] Chain exists of: [ 126.590460][ T6548] &mm->mmap_lock --> mapping.invalidate_lock#3 --> &sbi->s_lock [ 126.590460][ T6548] [ 126.604124][ T6548] Possible unsafe locking scenario: [ 126.604124][ T6548] [ 126.611563][ T6548] CPU0 CPU1 [ 126.616918][ T6548] ---- ---- [ 126.622273][ T6548] lock(&sbi->s_lock); [ 126.626422][ T6548] lock(mapping.invalidate_lock#3); [ 126.634223][ T6548] lock(&sbi->s_lock); [ 126.640895][ T6548] lock(&mm->mmap_lock); [ 126.645220][ T6548] [ 126.645220][ T6548] *** DEADLOCK *** [ 126.645220][ T6548] [ 126.653358][ T6548] 3 locks held by syz-executor377/6548: [ 126.658902][ T6548] #0: ffff88802778c368 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x254/0x2f0 [ 126.668137][ T6548] #1: ffff8880747e1cb0 (&sb->s_type->i_mutex_key#14){++++}-{3:3}, at: iterate_dir+0x135/0x570 [ 126.678499][ T6548] #2: ffff88807c2640e0 (&sbi->s_lock){+.+.}-{3:3}, at: exfat_iterate+0x171/0x3370 [ 126.687834][ T6548] [ 126.687834][ T6548] stack backtrace: [ 126.693720][ T6548] CPU: 0 PID: 6548 Comm: syz-executor377 Not tainted 6.3.0-rc3-syzkaller #0 [ 126.702388][ T6548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 126.712436][ T6548] Call Trace: [ 126.715747][ T6548] [ 126.718681][ T6548] dump_stack_lvl+0x1e7/0x2d0 [ 126.723365][ T6548] ? nf_tcp_handle_invalid+0x650/0x650 [ 126.728831][ T6548] ? print_circular_bug+0x12b/0x1a0 [ 126.734033][ T6548] check_noncircular+0x2fe/0x3b0 [ 126.738988][ T6548] ? add_chain_block+0x850/0x850 [ 126.743923][ T6548] ? lockdep_lock+0x123/0x2b0 [ 126.748627][ T6548] ? rcu_lock_release+0x5/0x30 [ 126.753393][ T6548] ? __lock_acquire+0x1f80/0x1f80 [ 126.758501][ T6548] ? _find_first_zero_bit+0xd4/0x100 [ 126.763797][ T6548] validate_chain+0x166b/0x58e0 [ 126.768650][ T6548] ? validate_chain+0x119/0x58e0 [ 126.773604][ T6548] ? kernel_text_address+0xa3/0xe0 [ 126.778730][ T6548] ? unwind_get_return_address+0x4d/0x90 [ 126.784368][ T6548] ? reacquire_held_locks+0x660/0x660 [ 126.789830][ T6548] ? arch_stack_walk+0xf7/0x140 [ 126.794864][ T6548] ? reacquire_held_locks+0x660/0x660 [ 126.800240][ T6548] ? stack_trace_save+0x117/0x1c0 [ 126.805265][ T6548] ? stack_trace_snprint+0xf0/0xf0 [ 126.810375][ T6548] ? validate_chain+0x119/0x58e0 [ 126.815312][ T6548] ? mark_lock+0x9a/0x340 [ 126.819635][ T6548] __lock_acquire+0x125b/0x1f80 [ 126.824493][ T6548] lock_acquire+0x1e1/0x520 [ 126.828991][ T6548] ? exc_page_fault+0x486/0x7c0 [ 126.833843][ T6548] ? read_lock_is_recursive+0x20/0x20 [ 126.839226][ T6548] ? filldir64+0x30b/0x720 [ 126.843645][ T6548] ? __might_sleep+0xc0/0xc0 [ 126.848232][ T6548] ? search_extable+0xb3/0x100 [ 126.852993][ T6548] ? trim_init_extable+0x3c0/0x3c0 [ 126.858107][ T6548] down_read+0x3d/0x50 [ 126.862178][ T6548] ? exc_page_fault+0x486/0x7c0 [ 126.867030][ T6548] exc_page_fault+0x486/0x7c0 [ 126.871704][ T6548] asm_exc_page_fault+0x26/0x30 [ 126.876557][ T6548] RIP: 0010:filldir64+0x30b/0x720 [ 126.881581][ T6548] Code: 48 29 eb 48 89 df 4c 89 e6 e8 11 86 95 ff 85 ed 0f 88 48 02 00 00 4c 39 e3 0f 82 3f 02 00 00 0f 01 cb 0f ae e8 48 8b 44 24 58 <49> 89 44 24 08 48 8b 4c 24 10 48 8b 44 24 50 48 89 01 48 8b 44 24 [ 126.901188][ T6548] RSP: 0018:ffffc9000543f6c8 EFLAGS: 00050206 [ 126.907254][ T6548] RAX: 0000000000000000 RBX: 00007fffffffefe8 RCX: ffff8880275dba80 [ 126.915237][ T6548] RDX: ffff8880275dba80 RSI: 0000000000000000 RDI: 00007fffffffefe8 [ 126.923217][ T6548] RBP: 0000000000000018 R08: ffffffff81f4e91f R09: 0000000000000004 [ 126.931182][ T6548] R10: 0000000000000003 R11: ffff8880275dba80 R12: 0000000000000000 [ 126.939150][ T6548] R13: ffffc9000543fe70 R14: 0000000000000001 R15: ffffffff8afed560 [ 126.947119][ T6548] ? filldir64+0x2ef/0x720 [ 126.951542][ T6548] ? filldir64+0x2ef/0x720 [ 126.955971][ T6548] ? filldir+0x720/0x720 [ 126.960226][ T6548] exfat_iterate+0x2b8/0x3370 [ 126.964914][ T6548] ? validate_chain+0x119/0x58e0 [ 126.969849][ T6548] ? validate_chain+0x119/0x58e0 [ 126.974788][ T6548] ? mark_lock+0x9a/0x340 [ 126.979115][ T6548] ? reacquire_held_locks+0x660/0x660 [ 126.984481][ T6548] ? register_lock_class+0x104/0x990 [ 126.989857][ T6548] ? reacquire_held_locks+0x660/0x660 [ 126.995229][ T6548] ? exfat_check_dir_empty+0x500/0x500 [ 127.000692][ T6548] ? reacquire_held_locks+0x660/0x660 [ 127.006062][ T6548] ? mark_lock+0x9a/0x340 [ 127.010389][ T6548] ? __lock_acquire+0x125b/0x1f80 [ 127.015425][ T6548] ? look_up_lock_class+0x77/0x140 [ 127.020543][ T6548] ? register_lock_class+0x104/0x990 [ 127.025832][ T6548] ? is_dynamic_key+0x1f0/0x1f0 [ 127.030678][ T6548] ? mark_lock+0x9a/0x340 [ 127.035013][ T6548] ? __lock_acquire+0x125b/0x1f80 [ 127.040140][ T6548] ? read_lock_is_recursive+0x20/0x20 [ 127.045511][ T6548] ? __lock_acquire+0x1f80/0x1f80 [ 127.050619][ T6548] ? __down_write_common+0x161/0x200 [ 127.055905][ T6548] ? __fdget_pos+0x254/0x2f0 [ 127.060526][ T6548] ? iterate_dir+0x135/0x570 [ 127.065115][ T6548] iterate_dir+0x228/0x570 [ 127.069540][ T6548] __se_sys_getdents64+0x20d/0x4f0 [ 127.074840][ T6548] ? _raw_spin_unlock_irq+0x2e/0x50 [ 127.080047][ T6548] ? __x64_sys_getdents64+0x80/0x80 [ 127.085262][ T6548] ? filldir+0x720/0x720 [ 127.089519][ T6548] ? syscall_enter_from_user_mode+0x32/0x260 [ 127.095589][ T6548] ? syscall_enter_from_user_mode+0x8c/0x260 [ 127.101568][ T6548] do_syscall_64+0x41/0xc0 [ 127.105993][ T6548] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.111904][ T6548] RIP: 0033:0x7f265ea7dab9 [ 127.116316][ T6548] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 127.135923][ T6548] RSP: 002b:00007f2656628208 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 127.144349][ T6548] RAX: ffffffffffffffda RBX: 00007f265eb037b8 RCX: 00007f265ea7dab9 [ 127.152334][ T6548] RDX: 0000000000008008 RSI: 0000000000000000 RDI: 0000000000000006 [ 127.160307][ T6548] RBP: 00007f265eb037b0 R08: 0000000000000000 R09: 0000000000000000 [ 127.168285][ T6548] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f265eb037bc [ 127.176263][ T6548] R13: 00007ffc20585adf R14: 00007f2656628300 R15: 0000000000022000 [pid 6548] <... getdents64 resumed> ) = ? [pid 6548] +++ exited with 0 +++ [pid 6546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6546, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./488/binderfs") = 0 umount2("./488/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./488/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6549 ./strace-static-x86_64: Process 6549 attached [pid 6549] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6549] chdir("./489") = 0 [pid 6549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6549] setpgid(0, 0) = 0 [pid 6549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6549] write(3, "1000", 4) = 4 [pid 6549] close(3) = 0 [pid 6549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6549] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6549] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6550], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6550 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6550 attached [pid 6550] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6550] memfd_create("syzkaller", 0) = 3 [pid 6550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6550] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6550] munmap(0x7f2656609000, 131072) = 0 [pid 6550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 127.184249][ T6548] [pid 6550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6550] close(3) = 0 [pid 6550] mkdir("./file2", 0777) = 0 [pid 6550] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6550] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6550] chdir("./file2") = 0 [pid 6550] ioctl(4, LOOP_CLR_FD) = 0 [pid 6550] close(4) = 0 [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 1 [pid 6550] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 1 [pid 6550] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 1 [pid 6550] write(4, "\x00\x00", 2) = 2 [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6549] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6549] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6551], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6551 ./strace-static-x86_64: Process 6551 attached [pid 6549] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 1 [pid 6550] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6551] set_robust_list(0x7f26566289e0, 24 [pid 6550] <... mmap resumed>) = 0x20000000 [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6551] <... set_robust_list resumed>) = 0 [pid 6551] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6551] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6551] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6549] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 0 [pid 6550] getdents64(-1, [pid 6551] <... futex resumed>) = 1 [pid 6550] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6551] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6550] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] exit_group(0) = ? [pid 6551] <... futex resumed>) = ? [pid 6550] <... futex resumed>) = ? [pid 6551] +++ exited with 0 +++ [pid 6550] +++ exited with 0 +++ [pid 6549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6549, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./489/binderfs") = 0 umount2("./489/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./489/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6552 ./strace-static-x86_64: Process 6552 attached [pid 6552] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6552] chdir("./490") = 0 [pid 6552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6552] setpgid(0, 0) = 0 [pid 6552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6552] write(3, "1000", 4) = 4 [pid 6552] close(3) = 0 [pid 6552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6552] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6552] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6553], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6553 [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6553 attached [ 127.222995][ T6550] loop0: detected capacity change from 0 to 256 [ 127.232265][ T6550] exfat: Deprecated parameter 'utf8' [ 127.240853][ T6550] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6553] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6553] memfd_create("syzkaller", 0) = 3 [pid 6553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6553] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6553] munmap(0x7f2656609000, 131072) = 0 [pid 6553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6553] close(3) = 0 [pid 6553] mkdir("./file2", 0777) = 0 [pid 6553] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6553] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6553] chdir("./file2") = 0 [pid 6553] ioctl(4, LOOP_CLR_FD) = 0 [pid 6553] close(4) = 0 [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] <... openat resumed>) = 4 [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] write(4, "\x00\x00", 2) = 2 [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6552] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6552] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6554 attached , parent_tid=[6554], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6554 [pid 6554] set_robust_list(0x7f26566289e0, 24 [pid 6552] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... set_robust_list resumed>) = 0 [pid 6552] <... futex resumed>) = 0 [pid 6554] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6552] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] <... openat resumed>) = 6 [pid 6554] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6554] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6552] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6553] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] exit_group(0 [pid 6554] <... futex resumed>) = ? [pid 6552] <... exit_group resumed>) = ? [pid 6554] +++ exited with 0 +++ [pid 6553] +++ exited with 0 +++ [pid 6552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6552, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./490/binderfs") = 0 umount2("./490/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./490/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 127.309457][ T6553] loop0: detected capacity change from 0 to 256 [ 127.318789][ T6553] exfat: Deprecated parameter 'utf8' [ 127.327735][ T6553] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6555 ./strace-static-x86_64: Process 6555 attached [pid 6555] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6555] chdir("./491") = 0 [pid 6555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6555] setpgid(0, 0) = 0 [pid 6555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6555] write(3, "1000", 4) = 4 [pid 6555] close(3) = 0 [pid 6555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6555] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6555] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6556], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6556 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6556 attached [pid 6556] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6556] memfd_create("syzkaller", 0) = 3 [pid 6556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6556] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6556] munmap(0x7f2656609000, 131072) = 0 [pid 6556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6556] close(3) = 0 [pid 6556] mkdir("./file2", 0777) = 0 [pid 6556] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6556] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6556] chdir("./file2") = 0 [pid 6556] ioctl(4, LOOP_CLR_FD) = 0 [pid 6556] close(4) = 0 [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... futex resumed>) = 0 [pid 6556] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6556] <... futex resumed>) = 1 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] write(4, "\x00\x00", 2 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... write resumed>) = 2 [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6556] <... futex resumed>) = 1 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6556] <... mmap resumed>) = 0x20000000 [pid 6555] <... mmap resumed>) = 0x7f2656608000 [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6556] <... futex resumed>) = 0 [pid 6555] <... mprotect resumed>) = 0 [pid 6555] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6557], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6557 [pid 6555] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6557 attached ) = 0 [pid 6555] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6557] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6557] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6557] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... futex resumed>) = 0 [pid 6556] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6556] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6555] exit_group(0) = ? [pid 6556] <... futex resumed>) = ? [pid 6557] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ [pid 6555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6555, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./491/binderfs") = 0 umount2("./491/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./491/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6558 ./strace-static-x86_64: Process 6558 attached [pid 6558] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6558] chdir("./492") = 0 [pid 6558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6558] setpgid(0, 0) = 0 [pid 6558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6558] write(3, "1000", 4) = 4 [pid 6558] close(3) = 0 [ 127.403142][ T6556] loop0: detected capacity change from 0 to 256 [ 127.412539][ T6556] exfat: Deprecated parameter 'utf8' [ 127.422018][ T6556] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6558] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6559], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6559 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6559 attached [pid 6559] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6559] memfd_create("syzkaller", 0) = 3 [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6559] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6559] munmap(0x7f2656609000, 131072) = 0 [pid 6559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6559] close(3) = 0 [pid 6559] mkdir("./file2", 0777) = 0 [pid 6559] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6559] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6559] chdir("./file2") = 0 [pid 6559] ioctl(4, LOOP_CLR_FD) = 0 [pid 6559] close(4) = 0 [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] write(4, "\x00\x00", 2) = 2 [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6558] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6560], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6560 [pid 6558] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6560 attached [pid 6560] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6560] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6560] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6560] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... futex resumed>) = 0 [pid 6559] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6559] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6559] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] exit_group(0 [pid 6559] <... futex resumed>) = ? [pid 6558] <... exit_group resumed>) = ? [pid 6559] +++ exited with 0 +++ [pid 6560] +++ exited with 0 +++ [pid 6558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6558, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./492/binderfs") = 0 umount2("./492/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./492/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./492/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6561 ./strace-static-x86_64: Process 6561 attached [pid 6561] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6561] chdir("./493") = 0 [pid 6561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6561] setpgid(0, 0) = 0 [pid 6561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6561] write(3, "1000", 4) = 4 [pid 6561] close(3) = 0 [pid 6561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6561] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6561] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6561] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6562], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6562 [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6562 attached [pid 6562] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6562] memfd_create("syzkaller", 0) = 3 [pid 6562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6562] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6562] munmap(0x7f2656609000, 131072) = 0 [pid 6562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 127.490079][ T6559] loop0: detected capacity change from 0 to 256 [ 127.498426][ T6559] exfat: Deprecated parameter 'utf8' [ 127.507863][ T6559] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6562] close(3) = 0 [pid 6562] mkdir("./file2", 0777) = 0 [pid 6562] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6562] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6562] chdir("./file2") = 0 [pid 6562] ioctl(4, LOOP_CLR_FD) = 0 [pid 6562] close(4) = 0 [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... futex resumed>) = 1 [pid 6562] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... futex resumed>) = 1 [pid 6562] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... futex resumed>) = 1 [pid 6562] write(4, "\x00\x00", 2) = 2 [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6561] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6562] <... mmap resumed>) = 0x20000000 [pid 6561] <... mmap resumed>) = 0x7f2656608000 [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6562] <... futex resumed>) = 0 [pid 6561] <... mprotect resumed>) = 0 [pid 6561] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6562] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6563 attached [pid 6561] <... clone resumed>, parent_tid=[6563], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6563 [pid 6563] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6563] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] <... futex resumed>) = 0 [pid 6563] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6563] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6561] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6563] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 0 [pid 6561] <... futex resumed>) = 1 [pid 6562] getdents64(-1, [pid 6561] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6562] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6561] exit_group(0) = ? [pid 6563] <... futex resumed>) = ? [pid 6563] +++ exited with 0 +++ [pid 6562] +++ exited with 0 +++ [pid 6561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6561, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./493/binderfs") = 0 umount2("./493/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./493/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 127.562423][ T6562] loop0: detected capacity change from 0 to 256 [ 127.570906][ T6562] exfat: Deprecated parameter 'utf8' [ 127.579137][ T6562] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6564 attached [pid 6564] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6564] chdir("./494") = 0 [pid 6564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6564] setpgid(0, 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6564 [pid 6564] <... setpgid resumed>) = 0 [pid 6564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6564] write(3, "1000", 4) = 4 [pid 6564] close(3) = 0 [pid 6564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6564] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6565], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6565 [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6565 attached [pid 6565] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6565] memfd_create("syzkaller", 0) = 3 [pid 6565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6565] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6565] munmap(0x7f2656609000, 131072) = 0 [pid 6565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6565] close(3) = 0 [pid 6565] mkdir("./file2", 0777) = 0 [pid 6565] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6565] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6565] chdir("./file2") = 0 [pid 6565] ioctl(4, LOOP_CLR_FD) = 0 [pid 6565] close(4) = 0 [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... futex resumed>) = 0 [pid 6565] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... openat resumed>) = 5 [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6564] <... futex resumed>) = 0 [pid 6565] write(4, "\x00\x00", 2 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... write resumed>) = 2 [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6565] <... mmap resumed>) = 0x20000000 [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... mmap resumed>) = 0x7f2656608000 [pid 6564] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6566 attached , parent_tid=[6566], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6566 [pid 6564] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6566] set_robust_list(0x7f26566289e0, 24 [pid 6564] <... futex resumed>) = 0 [pid 6566] <... set_robust_list resumed>) = 0 [pid 6564] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6566] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6566] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6566] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... futex resumed>) = 0 [pid 6565] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6565] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] exit_group(0 [pid 6565] <... futex resumed>) = ? [pid 6564] <... exit_group resumed>) = ? [pid 6565] +++ exited with 0 +++ [pid 6566] <... futex resumed>) = ? [pid 6566] +++ exited with 0 +++ [pid 6564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6564, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./494/binderfs") = 0 umount2("./494/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./494/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6567 ./strace-static-x86_64: Process 6567 attached [pid 6567] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6567] chdir("./495") = 0 [pid 6567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6567] setpgid(0, 0) = 0 [pid 6567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6567] write(3, "1000", 4) = 4 [pid 6567] close(3) = 0 [pid 6567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6567] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6567] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6567] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6568 attached [pid 6568] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6568] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] <... clone resumed>, parent_tid=[6568], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6568 [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6568] <... futex resumed>) = 0 [ 127.658640][ T6565] loop0: detected capacity change from 0 to 256 [ 127.666702][ T6565] exfat: Deprecated parameter 'utf8' [ 127.675816][ T6565] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6567] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6568] memfd_create("syzkaller", 0) = 3 [pid 6568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6568] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6568] munmap(0x7f2656609000, 131072) = 0 [pid 6568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6568] close(3) = 0 [pid 6568] mkdir("./file2", 0777) = 0 [pid 6568] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6568] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6568] chdir("./file2") = 0 [pid 6568] ioctl(4, LOOP_CLR_FD) = 0 [pid 6568] close(4) = 0 [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] <... openat resumed>) = 4 [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6568] write(4, "\x00\x00", 2 [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] <... write resumed>) = 2 [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6567] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6567] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6569 attached , parent_tid=[6569], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6569 [pid 6569] set_robust_list(0x7f26566289e0, 24 [pid 6567] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... set_robust_list resumed>) = 0 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6569] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6568] <... mmap resumed>) = 0x20000000 [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6569] <... openat resumed>) = 6 [pid 6569] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6569] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] <... futex resumed>) = 0 [pid 6568] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6568] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6568] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] exit_group(0 [pid 6568] <... futex resumed>) = ? [pid 6567] <... exit_group resumed>) = ? [pid 6569] <... futex resumed>) = ? [pid 6569] +++ exited with 0 +++ [pid 6568] +++ exited with 0 +++ [pid 6567] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6567, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./495/binderfs") = 0 [ 127.743793][ T6568] loop0: detected capacity change from 0 to 256 [ 127.752799][ T6568] exfat: Deprecated parameter 'utf8' [ 127.762045][ T6568] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./495/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./495/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6570 ./strace-static-x86_64: Process 6570 attached [pid 6570] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6570] chdir("./496") = 0 [pid 6570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6570] setpgid(0, 0) = 0 [pid 6570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6570] write(3, "1000", 4) = 4 [pid 6570] close(3) = 0 [pid 6570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6570] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6570] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6571], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6571 [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6571 attached [pid 6571] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6571] memfd_create("syzkaller", 0) = 3 [pid 6571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6571] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6571] munmap(0x7f2656609000, 131072) = 0 [pid 6571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6571] close(3) = 0 [pid 6571] mkdir("./file2", 0777) = 0 [pid 6571] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6571] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6571] chdir("./file2") = 0 [pid 6571] ioctl(4, LOOP_CLR_FD) = 0 [pid 6571] close(4) = 0 [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6571] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] <... openat resumed>) = 5 [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6571] write(4, "\x00\x00", 2 [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] <... write resumed>) = 2 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6571] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6571] <... mmap resumed>) = 0x20000000 [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] <... mmap resumed>) = 0x7f2656608000 [pid 6570] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6570] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6572], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6572 ./strace-static-x86_64: Process 6572 attached [pid 6570] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] set_robust_list(0x7f26566289e0, 24 [pid 6570] <... futex resumed>) = 0 [pid 6572] <... set_robust_list resumed>) = 0 [pid 6570] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6572] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6572] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6572] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6572] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] <... futex resumed>) = 0 [pid 6571] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6571] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6571] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] exit_group(0 [pid 6571] <... futex resumed>) = ? [pid 6570] <... exit_group resumed>) = ? [pid 6571] +++ exited with 0 +++ [pid 6572] <... futex resumed>) = ? [pid 6572] +++ exited with 0 +++ [pid 6570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6570, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./496/binderfs") = 0 umount2("./496/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./496/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6573 attached [pid 6573] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6573] chdir("./497") = 0 [pid 6573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6573] setpgid(0, 0) = 0 [pid 6573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6573] write(3, "1000", 4) = 4 [pid 6573] close(3) = 0 [pid 6573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6573] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6573] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6574], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6574 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6574 attached [pid 6574] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6574] memfd_create("syzkaller", 0) = 3 [pid 6574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6574] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6573 [pid 6574] <... write resumed>) = 131072 [ 127.849693][ T6571] loop0: detected capacity change from 0 to 256 [ 127.857468][ T6571] exfat: Deprecated parameter 'utf8' [ 127.866952][ T6571] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6574] munmap(0x7f2656609000, 131072) = 0 [pid 6574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6574] close(3) = 0 [pid 6574] mkdir("./file2", 0777) = 0 [pid 6574] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6574] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6574] chdir("./file2") = 0 [pid 6574] ioctl(4, LOOP_CLR_FD) = 0 [pid 6574] close(4) = 0 [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] write(4, "\x00\x00", 2) = 2 [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6574] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6573] <... mmap resumed>) = 0x7f2656608000 [pid 6573] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6574] <... mmap resumed>) = 0x20000000 [pid 6573] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6575], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6575 [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6575 attached [pid 6575] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6575] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6575] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6575] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... futex resumed>) = 1 [pid 6575] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6574] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6573] exit_group(0) = ? [pid 6575] <... futex resumed>) = ? [pid 6575] +++ exited with 0 +++ [pid 6574] +++ exited with 0 +++ [pid 6573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6573, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./497/binderfs") = 0 umount2("./497/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./497/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6576 ./strace-static-x86_64: Process 6576 attached [pid 6576] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6576] chdir("./498") = 0 [pid 6576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6576] setpgid(0, 0) = 0 [pid 6576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6576] write(3, "1000", 4) = 4 [pid 6576] close(3) = 0 [pid 6576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6576] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6576] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6576] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6577 attached , parent_tid=[6577], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6577 [pid 6577] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6577] memfd_create("syzkaller", 0) = 3 [ 127.931577][ T6574] loop0: detected capacity change from 0 to 256 [ 127.941137][ T6574] exfat: Deprecated parameter 'utf8' [ 127.950273][ T6574] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6577] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6577] munmap(0x7f2656609000, 131072) = 0 [pid 6577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6577] close(3) = 0 [pid 6577] mkdir("./file2", 0777) = 0 [pid 6577] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6577] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6577] chdir("./file2") = 0 [pid 6577] ioctl(4, LOOP_CLR_FD) = 0 [pid 6577] close(4) = 0 [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6577] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... openat resumed>) = 4 [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6577] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... openat resumed>) = 5 [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] write(4, "\x00\x00", 2) = 2 [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6577] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6577] <... mmap resumed>) = 0x20000000 [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... mmap resumed>) = 0x7f2656608000 [pid 6576] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6576] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6578 attached , parent_tid=[6578], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6578 [pid 6578] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6578] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6576] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6578] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6578] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6576] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6576] <... futex resumed>) = 1 [pid 6577] getdents64(-1, [pid 6576] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6577] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6577] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] exit_group(0 [pid 6577] <... futex resumed>) = ? [pid 6576] <... exit_group resumed>) = ? [pid 6577] +++ exited with 0 +++ [pid 6578] <... futex resumed>) = ? [pid 6578] +++ exited with 0 +++ [pid 6576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6576, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./498/binderfs") = 0 umount2("./498/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./498/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./498/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6579 attached , child_tidptr=0x555556b3a6d0) = 6579 [pid 6579] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6579] chdir("./499") = 0 [pid 6579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6579] setpgid(0, 0) = 0 [ 128.015166][ T6577] loop0: detected capacity change from 0 to 256 [ 128.023812][ T6577] exfat: Deprecated parameter 'utf8' [ 128.032864][ T6577] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6579] write(3, "1000", 4) = 4 [pid 6579] close(3) = 0 [pid 6579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6579] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6579] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6580 attached , parent_tid=[6580], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6580 [pid 6580] set_robust_list(0x7f265ea299e0, 24 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] <... set_robust_list resumed>) = 0 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6580] memfd_create("syzkaller", 0) = 3 [pid 6580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6580] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6580] munmap(0x7f2656609000, 131072) = 0 [pid 6580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6580] close(3) = 0 [pid 6580] mkdir("./file2", 0777) = 0 [pid 6580] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6580] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6580] chdir("./file2") = 0 [pid 6580] ioctl(4, LOOP_CLR_FD) = 0 [pid 6580] close(4) = 0 [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 1 [pid 6580] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 1 [pid 6580] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 1 [pid 6580] write(4, "\x00\x00", 2) = 2 [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6579] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6579] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6581], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6581 [pid 6579] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 1 [pid 6580] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6581 attached [pid 6581] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6581] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6581] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6581] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 0 [pid 6580] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6580] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6579] exit_group(0) = ? [pid 6581] +++ exited with 0 +++ [pid 6580] <... futex resumed>) = ? [pid 6580] +++ exited with 0 +++ [pid 6579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6579, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./499/binderfs") = 0 umount2("./499/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./499/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6582 ./strace-static-x86_64: Process 6582 attached [pid 6582] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6582] chdir("./500") = 0 [pid 6582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6582] setpgid(0, 0) = 0 [pid 6582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6582] write(3, "1000", 4) = 4 [pid 6582] close(3) = 0 [pid 6582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.108446][ T6580] loop0: detected capacity change from 0 to 256 [ 128.116201][ T6580] exfat: Deprecated parameter 'utf8' [ 128.125406][ T6580] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6582] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6582] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6583], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6583 ./strace-static-x86_64: Process 6583 attached [pid 6583] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6583] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6583] <... futex resumed>) = 0 [pid 6583] memfd_create("syzkaller", 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6583] <... memfd_create resumed>) = 3 [pid 6583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6583] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6583] munmap(0x7f2656609000, 131072) = 0 [pid 6583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6583] close(3) = 0 [pid 6583] mkdir("./file2", 0777) = 0 [pid 6583] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6583] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6583] chdir("./file2") = 0 [pid 6583] ioctl(4, LOOP_CLR_FD) = 0 [pid 6583] close(4) = 0 [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... futex resumed>) = 1 [pid 6583] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... futex resumed>) = 1 [pid 6583] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] <... futex resumed>) = 1 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] write(4, "\x00\x00", 2) = 2 [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6582] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6583] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6582] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6584 attached [pid 6584] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6584] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] <... clone resumed>, parent_tid=[6584], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6584 [pid 6583] <... mmap resumed>) = 0x20000000 [pid 6582] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6584] <... futex resumed>) = 0 [pid 6584] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6584] openat(AT_FDCWD, "", O_RDONLY [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6584] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... futex resumed>) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6583] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6583] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6582] exit_group(0) = ? [pid 6584] <... futex resumed>) = ? [pid 6584] +++ exited with 0 +++ [pid 6583] +++ exited with 0 +++ [pid 6582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6582, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./500/binderfs") = 0 umount2("./500/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./500/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6585 ./strace-static-x86_64: Process 6585 attached [pid 6585] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6585] chdir("./501") = 0 [pid 6585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6585] setpgid(0, 0) = 0 [pid 6585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6585] write(3, "1000", 4) = 4 [pid 6585] close(3) = 0 [pid 6585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6585] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6585] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6586 attached , parent_tid=[6586], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6586 [pid 6586] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = 0 [pid 6585] <... futex resumed>) = 1 [pid 6585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6586] memfd_create("syzkaller", 0) = 3 [pid 6586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6586] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6586] munmap(0x7f2656609000, 131072) = 0 [pid 6586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 128.197219][ T6583] loop0: detected capacity change from 0 to 256 [ 128.204774][ T6583] exfat: Deprecated parameter 'utf8' [ 128.213715][ T6583] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6586] close(3) = 0 [pid 6586] mkdir("./file2", 0777) = 0 [pid 6586] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6586] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6586] chdir("./file2") = 0 [pid 6586] ioctl(4, LOOP_CLR_FD) = 0 [pid 6586] close(4) = 0 [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] <... openat resumed>) = 4 [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6585] <... futex resumed>) = 0 [pid 6585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6585] <... futex resumed>) = 0 [pid 6586] write(4, "\x00\x00", 2 [pid 6585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] <... write resumed>) = 2 [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6585] <... futex resumed>) = 0 [pid 6586] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6585] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... mmap resumed>) = 0x20000000 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6586] <... futex resumed>) = 0 [pid 6585] <... mmap resumed>) = 0x7f2656608000 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6587 attached , parent_tid=[6587], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6587 [pid 6587] set_robust_list(0x7f26566289e0, 24 [pid 6585] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6587] <... set_robust_list resumed>) = 0 [pid 6587] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6587] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6587] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6587] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = 0 [pid 6585] <... futex resumed>) = 1 [pid 6586] getdents64(-1, [pid 6585] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6586] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] exit_group(0 [pid 6587] <... futex resumed>) = ? [pid 6586] <... futex resumed>) = ? [pid 6585] <... exit_group resumed>) = ? [pid 6587] +++ exited with 0 +++ [pid 6586] +++ exited with 0 +++ [pid 6585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6585, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./501/binderfs") = 0 umount2("./501/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./501/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 128.276426][ T6586] loop0: detected capacity change from 0 to 256 [ 128.284541][ T6586] exfat: Deprecated parameter 'utf8' [ 128.293666][ T6586] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6588 attached , child_tidptr=0x555556b3a6d0) = 6588 [pid 6588] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6588] chdir("./502") = 0 [pid 6588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6588] setpgid(0, 0) = 0 [pid 6588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6588] write(3, "1000", 4) = 4 [pid 6588] close(3) = 0 [pid 6588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6588] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6589 attached , parent_tid=[6589], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6589 [pid 6589] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6589] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... futex resumed>) = 0 [pid 6589] memfd_create("syzkaller", 0 [pid 6588] <... futex resumed>) = 1 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6589] <... memfd_create resumed>) = 3 [pid 6589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6589] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6589] munmap(0x7f2656609000, 131072) = 0 [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6589] close(3) = 0 [pid 6589] mkdir("./file2", 0777) = 0 [pid 6589] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6589] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6589] chdir("./file2") = 0 [pid 6589] ioctl(4, LOOP_CLR_FD) = 0 [pid 6589] close(4) = 0 [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6589] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... futex resumed>) = 1 [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] <... openat resumed>) = 5 [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] write(4, "\x00\x00", 2) = 2 [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6588] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6590 attached , parent_tid=[6590], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6590 [pid 6590] set_robust_list(0x7f26566289e0, 24 [pid 6588] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... set_robust_list resumed>) = 0 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6590] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6589] <... mmap resumed>) = 0x20000000 [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... openat resumed>) = 6 [pid 6589] <... futex resumed>) = 0 [pid 6590] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6590] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6589] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] exit_group(0) = ? [pid 6590] <... futex resumed>) = ? [pid 6590] +++ exited with 0 +++ [pid 6589] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6588, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./502/binderfs") = 0 umount2("./502/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./502/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 128.371675][ T6589] loop0: detected capacity change from 0 to 256 [ 128.380401][ T6589] exfat: Deprecated parameter 'utf8' [ 128.389644][ T6589] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6591 ./strace-static-x86_64: Process 6591 attached [pid 6591] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6591] chdir("./503") = 0 [pid 6591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6591] setpgid(0, 0) = 0 [pid 6591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6591] write(3, "1000", 4) = 4 [pid 6591] close(3) = 0 [pid 6591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6591] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6591] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6591] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6592], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6592 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6592 attached [pid 6592] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6592] memfd_create("syzkaller", 0) = 3 [pid 6592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6592] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6592] munmap(0x7f2656609000, 131072) = 0 [pid 6592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6592] close(3) = 0 [pid 6592] mkdir("./file2", 0777) = 0 [pid 6592] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6592] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6592] chdir("./file2") = 0 [pid 6592] ioctl(4, LOOP_CLR_FD) = 0 [pid 6592] close(4) = 0 [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] write(4, "\x00\x00", 2) = 2 [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6591] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6591] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6593 attached , parent_tid=[6593], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6593 [pid 6593] set_robust_list(0x7f26566289e0, 24 [pid 6591] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] <... mmap resumed>) = 0x20000000 [pid 6591] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] <... set_robust_list resumed>) = 0 [pid 6593] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6593] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6593] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] <... futex resumed>) = 0 [pid 6591] <... futex resumed>) = 1 [pid 6592] getdents64(-1, [pid 6591] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6592] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6592] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6591] exit_group(0 [pid 6592] <... futex resumed>) = ? [pid 6591] <... exit_group resumed>) = ? [pid 6592] +++ exited with 0 +++ [pid 6593] +++ exited with 0 +++ [pid 6591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6591, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./503/binderfs") = 0 umount2("./503/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./503/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 [ 128.464835][ T6592] loop0: detected capacity change from 0 to 256 [ 128.474343][ T6592] exfat: Deprecated parameter 'utf8' [ 128.483617][ T6592] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6594 attached [pid 6594] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6594 [pid 6594] <... set_robust_list resumed>) = 0 [pid 6594] chdir("./504") = 0 [pid 6594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6594] setpgid(0, 0) = 0 [pid 6594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6594] write(3, "1000", 4) = 4 [pid 6594] close(3) = 0 [pid 6594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6594] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6594] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6595], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6595 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6595 attached [pid 6595] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6595] memfd_create("syzkaller", 0) = 3 [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6595] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6595] munmap(0x7f2656609000, 131072) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6595] close(3) = 0 [pid 6595] mkdir("./file2", 0777) = 0 [pid 6595] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6595] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6595] chdir("./file2") = 0 [pid 6595] ioctl(4, LOOP_CLR_FD) = 0 [pid 6595] close(4) = 0 [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 0 [pid 6595] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 1 [pid 6595] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 1 [pid 6595] write(4, "\x00\x00", 2) = 2 [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6594] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6594] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6596], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6596 [pid 6594] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 1 [pid 6595] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6596 attached [pid 6596] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6595] <... mmap resumed>) = 0x20000000 [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6596] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6596] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 0 [pid 6595] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6595] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6594] exit_group(0) = ? [pid 6595] <... futex resumed>) = ? [pid 6595] +++ exited with 0 +++ [pid 6596] <... futex resumed>) = ? [pid 6596] +++ exited with 0 +++ [pid 6594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6594, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./504/binderfs") = 0 umount2("./504/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./504/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6597 [ 128.562878][ T6595] loop0: detected capacity change from 0 to 256 [ 128.570994][ T6595] exfat: Deprecated parameter 'utf8' [ 128.579573][ T6595] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6597 attached [pid 6597] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6597] chdir("./505") = 0 [pid 6597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6597] setpgid(0, 0) = 0 [pid 6597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6597] write(3, "1000", 4) = 4 [pid 6597] close(3) = 0 [pid 6597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6597] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6597] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6598 attached [pid 6598] set_robust_list(0x7f265ea299e0, 24 [pid 6597] <... clone resumed>, parent_tid=[6598], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6598 [pid 6598] <... set_robust_list resumed>) = 0 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6598] memfd_create("syzkaller", 0) = 3 [pid 6598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6598] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6598] munmap(0x7f2656609000, 131072) = 0 [pid 6598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6598] close(3) = 0 [pid 6598] mkdir("./file2", 0777) = 0 [pid 6598] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6598] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6598] chdir("./file2") = 0 [pid 6598] ioctl(4, LOOP_CLR_FD) = 0 [pid 6598] close(4) = 0 [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = 1 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = 1 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... openat resumed>) = 5 [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = 1 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] write(4, "\x00\x00", 2) = 2 [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = 1 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6597] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6597] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6599], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6599 [pid 6597] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6599 attached [pid 6599] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6599] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6599] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6599] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6599] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6597] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... futex resumed>) = 0 [pid 6598] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6598] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = 1 [pid 6597] exit_group(0 [pid 6598] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] <... exit_group resumed>) = ? [pid 6598] <... futex resumed>) = ? [pid 6598] +++ exited with 0 +++ [pid 6599] <... futex resumed>) = ? [pid 6599] +++ exited with 0 +++ [pid 6597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6597, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./505/binderfs") = 0 umount2("./505/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./505/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6600 attached , child_tidptr=0x555556b3a6d0) = 6600 [pid 6600] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6600] chdir("./506") = 0 [pid 6600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6600] setpgid(0, 0) = 0 [pid 6600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6600] write(3, "1000", 4) = 4 [pid 6600] close(3) = 0 [pid 6600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6600] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6600] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6601], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6601 [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6601 attached [pid 6601] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6601] memfd_create("syzkaller", 0) = 3 [pid 6601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [ 128.656669][ T6598] loop0: detected capacity change from 0 to 256 [ 128.665354][ T6598] exfat: Deprecated parameter 'utf8' [ 128.674864][ T6598] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6601] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6601] munmap(0x7f2656609000, 131072) = 0 [pid 6601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6601] close(3) = 0 [pid 6601] mkdir("./file2", 0777) = 0 [pid 6601] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6601] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6601] chdir("./file2") = 0 [pid 6601] ioctl(4, LOOP_CLR_FD) = 0 [pid 6601] close(4) = 0 [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] <... openat resumed>) = 4 [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] <... futex resumed>) = 0 [pid 6601] write(4, "\x00\x00", 2 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] <... write resumed>) = 2 [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] <... futex resumed>) = 0 [pid 6601] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6600] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... mmap resumed>) = 0x20000000 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6601] <... futex resumed>) = 0 [pid 6600] <... mmap resumed>) = 0x7f2656608000 [pid 6601] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6600] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6602 attached [pid 6602] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6602] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] <... clone resumed>, parent_tid=[6602], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6602 [pid 6600] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] <... futex resumed>) = 0 [pid 6600] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6602] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6602] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6602] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6600] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6601] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] exit_group(0 [pid 6601] <... futex resumed>) = ? [pid 6600] <... exit_group resumed>) = ? [pid 6602] <... futex resumed>) = ? [pid 6601] +++ exited with 0 +++ [pid 6602] +++ exited with 0 +++ [pid 6600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6600, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./506/binderfs") = 0 umount2("./506/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./506/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 128.738819][ T6601] loop0: detected capacity change from 0 to 256 [ 128.747604][ T6601] exfat: Deprecated parameter 'utf8' [ 128.757658][ T6601] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6603 ./strace-static-x86_64: Process 6603 attached [pid 6603] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6603] chdir("./507") = 0 [pid 6603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6603] setpgid(0, 0) = 0 [pid 6603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6603] write(3, "1000", 4) = 4 [pid 6603] close(3) = 0 [pid 6603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6603] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6603] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6603] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6604 attached , parent_tid=[6604], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6604 [pid 6604] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6604] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6604] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6604] memfd_create("syzkaller", 0) = 3 [pid 6604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6604] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6604] munmap(0x7f2656609000, 131072) = 0 [pid 6604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6604] close(3) = 0 [pid 6604] mkdir("./file2", 0777) = 0 [pid 6604] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6604] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6604] chdir("./file2") = 0 [pid 6604] ioctl(4, LOOP_CLR_FD) = 0 [pid 6604] close(4) = 0 [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] write(4, "\x00\x00", 2) = 2 [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6604] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6603] <... mmap resumed>) = 0x7f2656608000 [pid 6603] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6604] <... mmap resumed>) = 0x20000000 [pid 6603] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6605 attached [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6603] <... clone resumed>, parent_tid=[6605], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6605 [pid 6603] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6605] set_robust_list(0x7f26566289e0, 24 [pid 6604] <... futex resumed>) = 0 [pid 6604] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6605] <... set_robust_list resumed>) = 0 [pid 6605] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6605] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6605] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = 0 [pid 6603] <... futex resumed>) = 1 [pid 6604] getdents64(-1, [pid 6603] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6604] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6604] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] exit_group(0 [pid 6605] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6604] <... futex resumed>) = ? [pid 6603] <... exit_group resumed>) = ? [pid 6605] <... futex resumed>) = ? [pid 6604] +++ exited with 0 +++ [pid 6605] +++ exited with 0 +++ [pid 6603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6603, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./507/binderfs") = 0 umount2("./507/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./507/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6606 attached , child_tidptr=0x555556b3a6d0) = 6606 [pid 6606] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6606] chdir("./508") = 0 [pid 6606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6606] setpgid(0, 0) = 0 [pid 6606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6606] write(3, "1000", 4) = 4 [pid 6606] close(3) = 0 [pid 6606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6606] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6606] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6607 attached [pid 6607] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... clone resumed>, parent_tid=[6607], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6607 [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6607] <... futex resumed>) = 0 [pid 6607] memfd_create("syzkaller", 0) = 3 [ 128.835239][ T6604] loop0: detected capacity change from 0 to 256 [ 128.844853][ T6604] exfat: Deprecated parameter 'utf8' [ 128.853872][ T6604] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6606] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6607] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6607] munmap(0x7f2656609000, 131072) = 0 [pid 6607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6607] close(3) = 0 [pid 6607] mkdir("./file2", 0777) = 0 [pid 6607] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6607] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6607] chdir("./file2") = 0 [pid 6607] ioctl(4, LOOP_CLR_FD) = 0 [pid 6607] close(4) = 0 [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6607] <... futex resumed>) = 0 [pid 6607] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6606] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... openat resumed>) = 4 [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = 0 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... openat resumed>) = 5 [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] write(4, "\x00\x00", 2) = 2 [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] <... mmap resumed>) = 0x20000000 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... mmap resumed>) = 0x7f2656608000 [pid 6607] <... futex resumed>) = 0 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6608], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6608 ./strace-static-x86_64: Process 6608 attached [pid 6606] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6608] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6608] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6608] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6608] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = 0 [pid 6606] <... futex resumed>) = 1 [pid 6607] getdents64(-1, [pid 6606] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6607] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] exit_group(0) = ? [pid 6607] <... futex resumed>) = ? [pid 6608] <... futex resumed>) = ? [pid 6608] +++ exited with 0 +++ [pid 6607] +++ exited with 0 +++ [pid 6606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6606, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./508/binderfs") = 0 [ 128.918778][ T6607] loop0: detected capacity change from 0 to 256 [ 128.927367][ T6607] exfat: Deprecated parameter 'utf8' [ 128.936576][ T6607] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./508/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./508/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6609 ./strace-static-x86_64: Process 6609 attached [pid 6609] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6609] chdir("./509") = 0 [pid 6609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6609] setpgid(0, 0) = 0 [pid 6609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6609] write(3, "1000", 4) = 4 [pid 6609] close(3) = 0 [pid 6609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6609] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6609] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6610], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6610 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6610 attached [pid 6610] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6610] memfd_create("syzkaller", 0) = 3 [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6610] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6610] munmap(0x7f2656609000, 131072) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6610] close(3) = 0 [pid 6610] mkdir("./file2", 0777) = 0 [pid 6610] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6610] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6610] chdir("./file2") = 0 [pid 6610] ioctl(4, LOOP_CLR_FD) = 0 [pid 6610] close(4) = 0 [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... openat resumed>) = 5 [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] write(4, "\x00\x00", 2 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... write resumed>) = 2 [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6610] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6609] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6609] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6611], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6611 [pid 6609] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... futex resumed>) = 0 [pid 6610] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6611 attached [pid 6611] set_robust_list(0x7f26566289e0, 24 [pid 6610] <... mmap resumed>) = 0x20000000 [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] <... set_robust_list resumed>) = 0 [pid 6611] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6611] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6611] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... futex resumed>) = 0 [pid 6610] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6610] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6609] exit_group(0) = ? [pid 6610] <... futex resumed>) = ? [pid 6610] +++ exited with 0 +++ [pid 6611] <... futex resumed>) = ? [pid 6611] +++ exited with 0 +++ [pid 6609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6609, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./509/binderfs") = 0 umount2("./509/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./509/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./509/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 [ 129.003031][ T6610] loop0: detected capacity change from 0 to 256 [ 129.008935][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 129.012695][ T6610] exfat: Deprecated parameter 'utf8' [ 129.028472][ T6610] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6612 ./strace-static-x86_64: Process 6612 attached [pid 6612] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6612] chdir("./510") = 0 [pid 6612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6612] setpgid(0, 0) = 0 [pid 6612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6612] write(3, "1000", 4) = 4 [pid 6612] close(3) = 0 [pid 6612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6612] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6612] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6612] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6613 attached , parent_tid=[6613], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6613 [pid 6613] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6613] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] <... futex resumed>) = 0 [pid 6612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6613] memfd_create("syzkaller", 0) = 3 [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6613] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6613] munmap(0x7f2656609000, 131072) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6613] close(3) = 0 [pid 6613] mkdir("./file2", 0777) = 0 [pid 6613] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6613] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6613] chdir("./file2") = 0 [pid 6613] ioctl(4, LOOP_CLR_FD) = 0 [pid 6613] close(4) = 0 [pid 6613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] write(4, "\x00\x00", 2) = 2 [pid 6613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6612] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6612] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6614], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6614 [pid 6612] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 ./strace-static-x86_64: Process 6614 attached [pid 6614] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6614] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6614] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6614] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = 1 [pid 6612] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] getdents64(-1, [pid 6612] <... futex resumed>) = 0 [pid 6614] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6612] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6614] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6614] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6613] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] exit_group(0) = ? [pid 6613] <... futex resumed>) = ? [pid 6614] <... futex resumed>) = ? [pid 6613] +++ exited with 0 +++ [pid 6614] +++ exited with 0 +++ [pid 6612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6612, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./510/binderfs") = 0 umount2("./510/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./510/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6615 ./strace-static-x86_64: Process 6615 attached [pid 6615] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6615] chdir("./511") = 0 [pid 6615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6615] setpgid(0, 0) = 0 [pid 6615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6615] write(3, "1000", 4) = 4 [ 129.099948][ T6613] loop0: detected capacity change from 0 to 256 [ 129.108210][ T6613] exfat: Deprecated parameter 'utf8' [ 129.117398][ T6613] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6615] close(3) = 0 [pid 6615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6615] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6615] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6615] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6616 attached [pid 6616] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6616] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] <... clone resumed>, parent_tid=[6616], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6616 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6616] memfd_create("syzkaller", 0) = 3 [pid 6616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6616] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6616] munmap(0x7f2656609000, 131072) = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6616] close(3) = 0 [pid 6616] mkdir("./file2", 0777) = 0 [pid 6616] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6616] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6616] chdir("./file2") = 0 [pid 6616] ioctl(4, LOOP_CLR_FD) = 0 [pid 6616] close(4) = 0 [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 1 [pid 6616] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 1 [pid 6616] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 1 [pid 6616] write(4, "\x00\x00", 2) = 2 [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6615] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6615] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6617], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6617 [pid 6615] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 1 [pid 6616] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6617 attached [pid 6617] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6617] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6617] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6617] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6615] <... futex resumed>) = 1 [pid 6616] getdents64(-1, [pid 6615] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6616] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] exit_group(0 [pid 6616] <... futex resumed>) = ? [pid 6615] <... exit_group resumed>) = ? [pid 6616] +++ exited with 0 +++ [pid 6617] +++ exited with 0 +++ [pid 6615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6615, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./511/binderfs") = 0 umount2("./511/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./511/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6618 ./strace-static-x86_64: Process 6618 attached [pid 6618] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6618] chdir("./512") = 0 [pid 6618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6618] setpgid(0, 0) = 0 [pid 6618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6618] write(3, "1000", 4) = 4 [pid 6618] close(3) = 0 [pid 6618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6618] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6618] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6619], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6619 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6619 attached [pid 6619] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6619] memfd_create("syzkaller", 0) = 3 [pid 6619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [ 129.186804][ T6616] loop0: detected capacity change from 0 to 256 [ 129.194799][ T6616] exfat: Deprecated parameter 'utf8' [ 129.203709][ T6616] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6619] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6619] munmap(0x7f2656609000, 131072) = 0 [pid 6619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6619] close(3) = 0 [pid 6619] mkdir("./file2", 0777) = 0 [pid 6619] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6619] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6619] chdir("./file2") = 0 [pid 6619] ioctl(4, LOOP_CLR_FD) = 0 [pid 6619] close(4) = 0 [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 1 [pid 6619] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 1 [pid 6619] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 1 [pid 6619] write(4, "\x00\x00", 2) = 2 [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6618] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6618] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6620], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6620 [pid 6618] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 1 [pid 6619] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6620 attached [pid 6620] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6620] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6620] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6620] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 0 [pid 6619] getdents64(-1, [pid 6620] <... futex resumed>) = 1 [pid 6619] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6619] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6618] exit_group(0) = ? [pid 6619] <... futex resumed>) = ? [pid 6619] +++ exited with 0 +++ [pid 6620] +++ exited with 0 +++ [pid 6618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6618, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./512/binderfs") = 0 umount2("./512/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./512/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 129.270570][ T6619] loop0: detected capacity change from 0 to 256 [ 129.279289][ T6619] exfat: Deprecated parameter 'utf8' [ 129.289029][ T6619] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6621 attached , child_tidptr=0x555556b3a6d0) = 6621 [pid 6621] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6621] chdir("./513") = 0 [pid 6621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6621] setpgid(0, 0) = 0 [pid 6621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6621] write(3, "1000", 4) = 4 [pid 6621] close(3) = 0 [pid 6621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6621] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6621] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6622 attached , parent_tid=[6622], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6622 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6622] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6622] memfd_create("syzkaller", 0) = 3 [pid 6622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6622] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6622] munmap(0x7f2656609000, 131072) = 0 [pid 6622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6622] close(3) = 0 [pid 6622] mkdir("./file2", 0777) = 0 [pid 6622] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6622] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6622] chdir("./file2") = 0 [pid 6622] ioctl(4, LOOP_CLR_FD) = 0 [pid 6622] close(4) = 0 [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] write(4, "\x00\x00", 2) = 2 [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6622] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6621] <... mmap resumed>) = 0x7f2656608000 [pid 6621] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6621] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6623], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6623 ./strace-static-x86_64: Process 6623 attached [pid 6622] <... mmap resumed>) = 0x20000000 [pid 6621] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6623] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6623] openat(AT_FDCWD, "", O_RDONLY [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6623] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] <... futex resumed>) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6623] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] <... futex resumed>) = 1 [pid 6621] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6622] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] exit_group(0 [pid 6622] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] <... exit_group resumed>) = ? [pid 6623] <... futex resumed>) = ? [pid 6623] +++ exited with 0 +++ [pid 6622] <... futex resumed>) = ? [pid 6622] +++ exited with 0 +++ [pid 6621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6621, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./513/binderfs") = 0 umount2("./513/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./513/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6624 [ 129.369553][ T6622] loop0: detected capacity change from 0 to 256 [ 129.378009][ T6622] exfat: Deprecated parameter 'utf8' [ 129.386358][ T6622] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6624 attached [pid 6624] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6624] chdir("./514") = 0 [pid 6624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6624] setpgid(0, 0) = 0 [pid 6624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6624] write(3, "1000", 4) = 4 [pid 6624] close(3) = 0 [pid 6624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6624] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6624] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6625], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6625 ./strace-static-x86_64: Process 6625 attached [pid 6625] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6625] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6625] memfd_create("syzkaller", 0) = 3 [pid 6625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6625] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6625] munmap(0x7f2656609000, 131072) = 0 [pid 6625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6625] close(3) = 0 [pid 6625] mkdir("./file2", 0777) = 0 [pid 6625] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6625] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6625] chdir("./file2") = 0 [pid 6625] ioctl(4, LOOP_CLR_FD) = 0 [pid 6625] close(4) = 0 [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] <... futex resumed>) = 1 [pid 6625] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] <... futex resumed>) = 1 [pid 6625] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] <... futex resumed>) = 1 [pid 6625] write(4, "\x00\x00", 2) = 2 [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6624] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6624] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6626 attached , parent_tid=[6626], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6626 [pid 6626] set_robust_list(0x7f26566289e0, 24 [pid 6625] <... futex resumed>) = 1 [pid 6624] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6626] <... set_robust_list resumed>) = 0 [pid 6625] <... mmap resumed>) = 0x20000000 [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6625] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6626] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6626] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6626] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] <... futex resumed>) = 0 [pid 6625] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6625] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... futex resumed>) = 0 [pid 6624] exit_group(0) = ? [pid 6625] <... futex resumed>) = ? [pid 6625] +++ exited with 0 +++ [pid 6626] <... futex resumed>) = ? [pid 6626] +++ exited with 0 +++ [pid 6624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6624, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./514/binderfs") = 0 umount2("./514/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./514/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 [ 129.469454][ T6625] loop0: detected capacity change from 0 to 256 [ 129.478245][ T6625] exfat: Deprecated parameter 'utf8' [ 129.487569][ T6625] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6627 attached [pid 6627] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6627 [pid 6627] <... set_robust_list resumed>) = 0 [pid 6627] chdir("./515") = 0 [pid 6627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6627] setpgid(0, 0) = 0 [pid 6627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6627] write(3, "1000", 4) = 4 [pid 6627] close(3) = 0 [pid 6627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6627] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6628], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6628 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6628 attached [pid 6628] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6628] memfd_create("syzkaller", 0) = 3 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6628] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6628] munmap(0x7f2656609000, 131072) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6628] close(3) = 0 [pid 6628] mkdir("./file2", 0777) = 0 [pid 6628] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6628] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6628] chdir("./file2") = 0 [pid 6628] ioctl(4, LOOP_CLR_FD) = 0 [pid 6628] close(4) = 0 [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] write(4, "\x00\x00", 2) = 2 [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6628] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6627] <... mmap resumed>) = 0x7f2656608000 [pid 6627] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6628] <... mmap resumed>) = 0x20000000 [pid 6627] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6629], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6629 [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6629 attached [pid 6628] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6629] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6629] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6629] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6629] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] <... futex resumed>) = 0 [pid 6629] <... futex resumed>) = 1 [pid 6627] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] <... futex resumed>) = 1 [pid 6627] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... futex resumed>) = 0 [pid 6628] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6628] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] <... futex resumed>) = 0 [pid 6627] exit_group(0) = ? [pid 6628] <... futex resumed>) = ? [pid 6628] +++ exited with 0 +++ [pid 6629] <... futex resumed>) = ? [pid 6629] +++ exited with 0 +++ [pid 6627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6627, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./515/binderfs") = 0 umount2("./515/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./515/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 129.569718][ T6628] loop0: detected capacity change from 0 to 256 [ 129.577932][ T6628] exfat: Deprecated parameter 'utf8' [ 129.587731][ T6628] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6630 ./strace-static-x86_64: Process 6630 attached [pid 6630] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6630] chdir("./516") = 0 [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6630] setpgid(0, 0) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6630] write(3, "1000", 4) = 4 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6630] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6631 attached , parent_tid=[6631], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6631 [pid 6631] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6631] memfd_create("syzkaller", 0) = 3 [pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6631] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6631] munmap(0x7f2656609000, 131072) = 0 [pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6631] close(3) = 0 [pid 6631] mkdir("./file2", 0777) = 0 [pid 6631] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6631] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6631] chdir("./file2") = 0 [pid 6631] ioctl(4, LOOP_CLR_FD) = 0 [pid 6631] close(4) = 0 [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] write(4, "\x00\x00", 2) = 2 [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6631] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6630] <... mmap resumed>) = 0x7f2656608000 [pid 6630] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] <... mmap resumed>) = 0x20000000 [pid 6630] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6632 attached [pid 6630] <... clone resumed>, parent_tid=[6632], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6632 [pid 6630] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] set_robust_list(0x7f26566289e0, 24 [pid 6631] <... futex resumed>) = 0 [pid 6632] <... set_robust_list resumed>) = 0 [pid 6631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6632] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6632] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6632] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = 0 [pid 6630] <... futex resumed>) = 1 [pid 6631] getdents64(-1, [pid 6630] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6631] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6631] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] exit_group(0 [pid 6631] <... futex resumed>) = ? [pid 6630] <... exit_group resumed>) = ? [pid 6631] +++ exited with 0 +++ [pid 6632] <... futex resumed>) = ? [pid 6632] +++ exited with 0 +++ [pid 6630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./516/binderfs") = 0 umount2("./516/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./516/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 129.671214][ T6631] loop0: detected capacity change from 0 to 256 [ 129.679941][ T6631] exfat: Deprecated parameter 'utf8' [ 129.688213][ T6631] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6633 ./strace-static-x86_64: Process 6633 attached [pid 6633] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6633] chdir("./517") = 0 [pid 6633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6633] setpgid(0, 0) = 0 [pid 6633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6633] write(3, "1000", 4) = 4 [pid 6633] close(3) = 0 [pid 6633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6633] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6633] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6633] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6634], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6634 [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6634 attached [pid 6634] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6634] memfd_create("syzkaller", 0) = 3 [pid 6634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6634] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6634] munmap(0x7f2656609000, 131072) = 0 [pid 6634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6634] close(3) = 0 [pid 6634] mkdir("./file2", 0777) = 0 [pid 6634] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6634] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6634] chdir("./file2") = 0 [pid 6634] ioctl(4, LOOP_CLR_FD) = 0 [pid 6634] close(4) = 0 [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = 0 [pid 6633] <... futex resumed>) = 1 [pid 6634] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... openat resumed>) = 5 [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6633] <... futex resumed>) = 0 [pid 6634] write(4, "\x00\x00", 2 [pid 6633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... write resumed>) = 2 [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6633] <... futex resumed>) = 0 [pid 6634] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6633] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... mmap resumed>) = 0x20000000 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6634] <... futex resumed>) = 0 [pid 6633] <... mmap resumed>) = 0x7f2656608000 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6633] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6635], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6635 [pid 6633] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6635 attached [pid 6635] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6635] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6635] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6635] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = 0 [pid 6633] <... futex resumed>) = 1 [pid 6634] getdents64(-1, [pid 6633] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6634] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] exit_group(0 [pid 6634] <... futex resumed>) = ? [pid 6633] <... exit_group resumed>) = ? [pid 6634] +++ exited with 0 +++ [pid 6635] <... futex resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6633, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./517/binderfs") = 0 umount2("./517/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./517/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6636 ./strace-static-x86_64: Process 6636 attached [pid 6636] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6636] chdir("./518") = 0 [pid 6636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6636] setpgid(0, 0) = 0 [pid 6636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6636] write(3, "1000", 4) = 4 [pid 6636] close(3) = 0 [pid 6636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6636] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6636] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6636] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6637 attached [pid 6637] set_robust_list(0x7f265ea299e0, 24 [pid 6636] <... clone resumed>, parent_tid=[6637], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6637 [pid 6637] <... set_robust_list resumed>) = 0 [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6637] memfd_create("syzkaller", 0) = 3 [pid 6637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6637] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6637] munmap(0x7f2656609000, 131072) = 0 [pid 6637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 129.766774][ T6634] loop0: detected capacity change from 0 to 256 [ 129.774951][ T6634] exfat: Deprecated parameter 'utf8' [ 129.784351][ T6634] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6637] close(3) = 0 [pid 6637] mkdir("./file2", 0777) = 0 [pid 6637] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6637] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6637] chdir("./file2") = 0 [pid 6637] ioctl(4, LOOP_CLR_FD) = 0 [pid 6637] close(4) = 0 [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... futex resumed>) = 1 [pid 6637] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... futex resumed>) = 1 [pid 6637] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... futex resumed>) = 1 [pid 6637] write(4, "\x00\x00", 2) = 2 [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6636] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6636] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6638 attached [pid 6637] <... futex resumed>) = 1 [pid 6636] <... clone resumed>, parent_tid=[6638], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6638 [pid 6637] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6636] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] set_robust_list(0x7f26566289e0, 24 [pid 6637] <... mmap resumed>) = 0x20000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6638] <... set_robust_list resumed>) = 0 [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6638] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6638] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6638] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6638] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = 0 [pid 6636] <... futex resumed>) = 1 [pid 6637] getdents64(-1, [pid 6636] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6637] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6637] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] exit_group(0 [pid 6638] <... futex resumed>) = ? [pid 6637] <... futex resumed>) = ? [pid 6636] <... exit_group resumed>) = ? [pid 6638] +++ exited with 0 +++ [pid 6637] +++ exited with 0 +++ [pid 6636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6636, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./518/binderfs") = 0 umount2("./518/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./518/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6639 ./strace-static-x86_64: Process 6639 attached [pid 6639] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6639] chdir("./519") = 0 [pid 6639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6639] setpgid(0, 0) = 0 [pid 6639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6639] write(3, "1000", 4) = 4 [pid 6639] close(3) = 0 [pid 6639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6639] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6639] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6640], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6640 [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6640 attached [pid 6640] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6640] memfd_create("syzkaller", 0) = 3 [pid 6640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6640] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6640] munmap(0x7f2656609000, 131072) = 0 [pid 6640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 129.847516][ T6637] loop0: detected capacity change from 0 to 256 [ 129.856611][ T6637] exfat: Deprecated parameter 'utf8' [ 129.865585][ T6637] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6640] close(3) = 0 [pid 6640] mkdir("./file2", 0777) = 0 [pid 6640] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6640] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6640] chdir("./file2") = 0 [pid 6640] ioctl(4, LOOP_CLR_FD) = 0 [pid 6640] close(4) = 0 [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... openat resumed>) = 4 [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6640] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... openat resumed>) = 5 [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6640] write(4, "\x00\x00", 2 [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... write resumed>) = 2 [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6639] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6639] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6641], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6641 ./strace-static-x86_64: Process 6641 attached [pid 6639] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] set_robust_list(0x7f26566289e0, 24 [pid 6639] <... futex resumed>) = 0 [pid 6641] <... set_robust_list resumed>) = 0 [pid 6639] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6641] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6640] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6641] <... openat resumed>) = 6 [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6641] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... futex resumed>) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6640] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6639] exit_group(0) = ? [pid 6641] <... futex resumed>) = ? [pid 6640] +++ exited with 0 +++ [pid 6641] +++ exited with 0 +++ [pid 6639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6639, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./519/binderfs") = 0 umount2("./519/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./519/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6642 attached , child_tidptr=0x555556b3a6d0) = 6642 [pid 6642] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6642] chdir("./520") = 0 [pid 6642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6642] setpgid(0, 0) = 0 [pid 6642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6642] write(3, "1000", 4) = 4 [pid 6642] close(3) = 0 [pid 6642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6642] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6643], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6643 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6643] memfd_create("syzkaller", 0) = 3 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6643] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6643] munmap(0x7f2656609000, 131072) = 0 [ 129.923878][ T6640] loop0: detected capacity change from 0 to 256 [ 129.932774][ T6640] exfat: Deprecated parameter 'utf8' [ 129.942120][ T6640] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6643] close(3) = 0 [pid 6643] mkdir("./file2", 0777) = 0 [pid 6643] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6643] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6643] chdir("./file2") = 0 [pid 6643] ioctl(4, LOOP_CLR_FD) = 0 [pid 6643] close(4) = 0 [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6643] <... futex resumed>) = 1 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 1 [pid 6643] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 1 [pid 6643] write(4, "\x00\x00", 2) = 2 [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6642] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6644], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6644 [pid 6642] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 1 [pid 6643] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6644 attached [pid 6644] set_robust_list(0x7f26566289e0, 24 [pid 6643] <... mmap resumed>) = 0x20000000 [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... set_robust_list resumed>) = 0 [pid 6644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6644] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6644] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 0 [pid 6643] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6643] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] exit_group(0) = ? [pid 6643] <... futex resumed>) = ? [pid 6643] +++ exited with 0 +++ [pid 6644] <... futex resumed>) = ? [pid 6644] +++ exited with 0 +++ [pid 6642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6642, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 umount2("./520/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 130.003428][ T6643] loop0: detected capacity change from 0 to 256 [ 130.011838][ T6643] exfat: Deprecated parameter 'utf8' [ 130.020805][ T6643] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6645 attached , child_tidptr=0x555556b3a6d0) = 6645 [pid 6645] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6645] chdir("./521") = 0 [pid 6645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6645] setpgid(0, 0) = 0 [pid 6645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6645] write(3, "1000", 4) = 4 [pid 6645] close(3) = 0 [pid 6645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6645] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6645] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6645] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6646 attached , parent_tid=[6646], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6646 [pid 6646] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] memfd_create("syzkaller", 0) = 3 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6646] munmap(0x7f2656609000, 131072) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6646] close(3) = 0 [pid 6646] mkdir("./file2", 0777) = 0 [pid 6646] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6646] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6646] chdir("./file2") = 0 [pid 6646] ioctl(4, LOOP_CLR_FD) = 0 [pid 6646] close(4) = 0 [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... futex resumed>) = 0 [pid 6646] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6646] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] write(4, "\x00\x00", 2) = 2 [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6646] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6645] <... mmap resumed>) = 0x7f2656608000 [pid 6645] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6646] <... mmap resumed>) = 0x20000000 [pid 6645] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6647 attached [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... clone resumed>, parent_tid=[6647], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6647 [pid 6645] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... futex resumed>) = 0 [pid 6647] set_robust_list(0x7f26566289e0, 24 [pid 6646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6647] <... set_robust_list resumed>) = 0 [pid 6647] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6647] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6647] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... futex resumed>) = 0 [pid 6645] <... futex resumed>) = 1 [pid 6646] getdents64(-1, [pid 6645] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6647] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6646] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] exit_group(0 [pid 6646] <... futex resumed>) = ? [pid 6645] <... exit_group resumed>) = ? [pid 6647] <... futex resumed>) = ? [pid 6646] +++ exited with 0 +++ [pid 6647] +++ exited with 0 +++ [pid 6645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6645, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 umount2("./521/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6648 ./strace-static-x86_64: Process 6648 attached [pid 6648] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6648] chdir("./522") = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6648] setpgid(0, 0) = 0 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6648] write(3, "1000", 4) = 4 [pid 6648] close(3) = 0 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6648] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6648] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 130.101298][ T6646] loop0: detected capacity change from 0 to 256 [ 130.110153][ T6646] exfat: Deprecated parameter 'utf8' [ 130.119624][ T6646] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6648] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6649 attached , parent_tid=[6649], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6649 [pid 6649] set_robust_list(0x7f265ea299e0, 24 [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... set_robust_list resumed>) = 0 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] memfd_create("syzkaller", 0) = 3 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6649] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6649] munmap(0x7f2656609000, 131072) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6649] close(3) = 0 [pid 6649] mkdir("./file2", 0777) = 0 [pid 6649] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6649] chdir("./file2") = 0 [pid 6649] ioctl(4, LOOP_CLR_FD) = 0 [pid 6649] close(4) = 0 [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... openat resumed>) = 4 [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... futex resumed>) = 0 [pid 6649] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] write(4, "\x00\x00", 2 [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... write resumed>) = 2 [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6648] <... futex resumed>) = 0 [pid 6649] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6648] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... mmap resumed>) = 0x20000000 [pid 6648] <... futex resumed>) = 0 [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... mmap resumed>) = 0x7f2656608000 [pid 6649] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6650], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6650 [pid 6648] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6650 attached [pid 6650] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6650] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6650] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6650] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6649] getdents64(-1, [pid 6648] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6649] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] exit_group(0 [pid 6649] <... futex resumed>) = ? [pid 6648] <... exit_group resumed>) = ? [pid 6649] +++ exited with 0 +++ [pid 6650] <... futex resumed>) = ? [pid 6650] +++ exited with 0 +++ [pid 6648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 umount2("./522/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 130.188402][ T6649] loop0: detected capacity change from 0 to 256 [ 130.197263][ T6649] exfat: Deprecated parameter 'utf8' [ 130.206868][ T6649] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6651 ./strace-static-x86_64: Process 6651 attached [pid 6651] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6651] chdir("./523") = 0 [pid 6651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6651] setpgid(0, 0) = 0 [pid 6651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6651] write(3, "1000", 4) = 4 [pid 6651] close(3) = 0 [pid 6651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6651] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6652 attached , parent_tid=[6652], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6652 [pid 6652] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6652] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] memfd_create("syzkaller", 0) = 3 [pid 6652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6652] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6652] munmap(0x7f2656609000, 131072) = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6652] close(3) = 0 [pid 6652] mkdir("./file2", 0777) = 0 [pid 6652] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6652] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6652] chdir("./file2") = 0 [pid 6652] ioctl(4, LOOP_CLR_FD) = 0 [pid 6652] close(4) = 0 [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 1 [pid 6652] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 1 [pid 6652] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 1 [pid 6652] write(4, "\x00\x00", 2) = 2 [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6651] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6653], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6653 [pid 6651] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6653 attached [pid 6652] <... futex resumed>) = 1 [pid 6652] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6653] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6652] <... mmap resumed>) = 0x20000000 [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6653] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6653] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6653] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 0 [pid 6652] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6652] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] exit_group(0) = ? [pid 6652] <... futex resumed>) = ? [pid 6652] +++ exited with 0 +++ [pid 6653] <... futex resumed>) = ? [pid 6653] +++ exited with 0 +++ [pid 6651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6651, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 umount2("./523/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6654 ./strace-static-x86_64: Process 6654 attached [pid 6654] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6654] chdir("./524") = 0 [pid 6654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6654] setpgid(0, 0) = 0 [pid 6654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6654] write(3, "1000", 4) = 4 [pid 6654] close(3) = 0 [pid 6654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6654] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6654] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6654] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6655], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6655 ./strace-static-x86_64: Process 6655 attached [pid 6654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6655] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6655] memfd_create("syzkaller", 0) = 3 [pid 6655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6655] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6655] munmap(0x7f2656609000, 131072) = 0 [pid 6655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 130.287577][ T6652] loop0: detected capacity change from 0 to 256 [ 130.295509][ T6652] exfat: Deprecated parameter 'utf8' [ 130.304874][ T6652] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6655] close(3) = 0 [pid 6655] mkdir("./file2", 0777) = 0 [pid 6655] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6655] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6655] chdir("./file2") = 0 [pid 6655] ioctl(4, LOOP_CLR_FD) = 0 [pid 6655] close(4) = 0 [pid 6655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] <... futex resumed>) = 1 [pid 6655] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] <... futex resumed>) = 1 [pid 6655] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] <... futex resumed>) = 1 [pid 6655] write(4, "\x00\x00", 2) = 2 [pid 6655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6654] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6655] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6654] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6656], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6656 [pid 6654] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6656 attached [pid 6656] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6656] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 6655] <... mmap resumed>) = 0x20000000 [pid 6656] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6656] <... futex resumed>) = 1 [pid 6656] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6655] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6654] exit_group(0) = ? [pid 6656] <... futex resumed>) = ? [pid 6656] +++ exited with 0 +++ [pid 6655] <... futex resumed>) = ? [pid 6655] +++ exited with 0 +++ [pid 6654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6654, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 umount2("./524/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6657 ./strace-static-x86_64: Process 6657 attached [pid 6657] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6657] chdir("./525") = 0 [pid 6657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6657] setpgid(0, 0) = 0 [pid 6657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6657] write(3, "1000", 4) = 4 [pid 6657] close(3) = 0 [pid 6657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6657] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6657] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6658], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6658 [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6658 attached [pid 6658] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6658] memfd_create("syzkaller", 0) = 3 [pid 6658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6658] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6658] munmap(0x7f2656609000, 131072) = 0 [ 130.368201][ T6655] loop0: detected capacity change from 0 to 256 [ 130.376586][ T6655] exfat: Deprecated parameter 'utf8' [ 130.384789][ T6655] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6658] close(3) = 0 [pid 6658] mkdir("./file2", 0777) = 0 [pid 6658] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6658] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6658] chdir("./file2") = 0 [pid 6658] ioctl(4, LOOP_CLR_FD) = 0 [pid 6658] close(4) = 0 [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] <... futex resumed>) = 0 [pid 6658] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] <... futex resumed>) = 1 [pid 6658] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] <... futex resumed>) = 0 [pid 6658] write(4, "\x00\x00", 2) = 2 [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6657] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6657] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6659], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6659 [pid 6657] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] <... futex resumed>) = 1 [pid 6658] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6659 attached [pid 6659] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6658] <... mmap resumed>) = 0x20000000 [pid 6659] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6659] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6659] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6659] <... futex resumed>) = 1 [pid 6659] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6658] <... futex resumed>) = 0 [pid 6658] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6658] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6657] exit_group(0) = ? [pid 6659] <... futex resumed>) = ? [pid 6659] +++ exited with 0 +++ [pid 6658] <... futex resumed>) = ? [pid 6658] +++ exited with 0 +++ [pid 6657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6657, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 umount2("./525/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./525/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6660 ./strace-static-x86_64: Process 6660 attached [pid 6660] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6660] chdir("./526") = 0 [pid 6660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6660] setpgid(0, 0) = 0 [pid 6660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6660] write(3, "1000", 4) = 4 [pid 6660] close(3) = 0 [pid 6660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6660] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6661], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6661 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6661 attached ) = 0 [pid 6661] set_robust_list(0x7f265ea299e0, 24 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6661] <... set_robust_list resumed>) = 0 [pid 6661] memfd_create("syzkaller", 0) = 3 [pid 6661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6661] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6661] munmap(0x7f2656609000, 131072) = 0 [pid 6661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 130.449765][ T6658] loop0: detected capacity change from 0 to 256 [ 130.458486][ T6658] exfat: Deprecated parameter 'utf8' [ 130.467049][ T6658] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6661] close(3) = 0 [pid 6661] mkdir("./file2", 0777) = 0 [pid 6661] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6661] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6661] chdir("./file2") = 0 [pid 6661] ioctl(4, LOOP_CLR_FD) = 0 [pid 6661] close(4) = 0 [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 1 [pid 6661] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 1 [pid 6661] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 1 [pid 6661] write(4, "\x00\x00", 2) = 2 [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6660] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6662], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6662 [pid 6660] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 1 [pid 6661] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6662 attached [pid 6662] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6662] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6662] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6662] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 0 [pid 6661] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6661] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 [pid 6660] exit_group(0) = ? [pid 6661] <... futex resumed>) = ? [pid 6661] +++ exited with 0 +++ [pid 6662] +++ exited with 0 +++ [pid 6660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6660, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 umount2("./526/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6663 ./strace-static-x86_64: Process 6663 attached [pid 6663] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6663] chdir("./527") = 0 [pid 6663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6663] setpgid(0, 0) = 0 [pid 6663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6663] write(3, "1000", 4) = 4 [pid 6663] close(3) = 0 [pid 6663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6663] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6664], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6664 [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6664 attached [pid 6664] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6664] memfd_create("syzkaller", 0) = 3 [ 130.519287][ T6661] loop0: detected capacity change from 0 to 256 [ 130.527119][ T6661] exfat: Deprecated parameter 'utf8' [ 130.537099][ T6661] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6664] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6664] munmap(0x7f2656609000, 131072) = 0 [pid 6664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6664] close(3) = 0 [pid 6664] mkdir("./file2", 0777) = 0 [pid 6664] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6664] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6664] chdir("./file2") = 0 [pid 6664] ioctl(4, LOOP_CLR_FD) = 0 [pid 6664] close(4) = 0 [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... futex resumed>) = 0 [pid 6664] <... futex resumed>) = 1 [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... openat resumed>) = 4 [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... futex resumed>) = 0 [pid 6664] <... futex resumed>) = 1 [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... futex resumed>) = 0 [pid 6664] <... futex resumed>) = 1 [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] write(4, "\x00\x00", 2) = 2 [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6663] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6665], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6665 [pid 6663] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... mmap resumed>) = 0x20000000 [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6665 attached [pid 6665] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6665] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6665] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6665] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6665] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... futex resumed>) = 0 [pid 6664] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6664] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [ 130.606850][ T6664] loop0: detected capacity change from 0 to 256 [ 130.615586][ T6664] exfat: Deprecated parameter 'utf8' [ 130.624845][ T6664] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6664] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] exit_group(0) = ? [pid 6665] <... futex resumed>) = ? [pid 6664] <... futex resumed>) = ? [pid 6665] +++ exited with 0 +++ [pid 6664] +++ exited with 0 +++ [pid 6663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6663, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 umount2("./527/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6666 ./strace-static-x86_64: Process 6666 attached [pid 6666] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6666] chdir("./528") = 0 [pid 6666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6666] setpgid(0, 0) = 0 [pid 6666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6666] write(3, "1000", 4) = 4 [pid 6666] close(3) = 0 [pid 6666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6666] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6666] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6667 attached , parent_tid=[6667], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6667 [pid 6667] set_robust_list(0x7f265ea299e0, 24 [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... set_robust_list resumed>) = 0 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6667] memfd_create("syzkaller", 0) = 3 [pid 6667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6667] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6667] munmap(0x7f2656609000, 131072) = 0 [pid 6667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6667] close(3) = 0 [pid 6667] mkdir("./file2", 0777) = 0 [pid 6667] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6667] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6667] chdir("./file2") = 0 [pid 6667] ioctl(4, LOOP_CLR_FD) = 0 [pid 6667] close(4) = 0 [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] <... futex resumed>) = 0 [pid 6667] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... openat resumed>) = 4 [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6666] <... futex resumed>) = 0 [pid 6667] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... openat resumed>) = 5 [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] write(4, "\x00\x00", 2 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... write resumed>) = 2 [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... mmap resumed>) = 0x20000000 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... mmap resumed>) = 0x7f2656608000 [pid 6666] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6666] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6668], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6668 [pid 6666] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6668 attached [pid 6666] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6668] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6668] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6668] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6668] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] <... futex resumed>) = 0 [pid 6666] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6667] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] exit_group(0 [pid 6667] <... futex resumed>) = ? [pid 6666] <... exit_group resumed>) = ? [pid 6667] +++ exited with 0 +++ [pid 6668] +++ exited with 0 +++ [pid 6666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6666, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 umount2("./528/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 [ 130.715492][ T6667] loop0: detected capacity change from 0 to 256 [ 130.724722][ T6667] exfat: Deprecated parameter 'utf8' [ 130.733300][ T6667] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6669 ./strace-static-x86_64: Process 6669 attached [pid 6669] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6669] chdir("./529") = 0 [pid 6669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6669] setpgid(0, 0) = 0 [pid 6669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6669] write(3, "1000", 4) = 4 [pid 6669] close(3) = 0 [pid 6669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6669] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6669] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6670 attached , parent_tid=[6670], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6670 [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6670] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6670] memfd_create("syzkaller", 0) = 3 [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6670] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6670] munmap(0x7f2656609000, 131072) = 0 [pid 6670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6670] close(3) = 0 [pid 6670] mkdir("./file2", 0777) = 0 [pid 6670] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6670] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6670] chdir("./file2") = 0 [pid 6670] ioctl(4, LOOP_CLR_FD) = 0 [pid 6670] close(4) = 0 [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] <... futex resumed>) = 0 [pid 6670] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6670] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6670] write(4, "\x00\x00", 2) = 2 [pid 6669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6670] <... futex resumed>) = 0 [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... mmap resumed>) = 0x20000000 [pid 6669] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... futex resumed>) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... mmap resumed>) = 0x7f2656608000 [pid 6669] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6671 attached , parent_tid=[6671], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6671 [pid 6671] set_robust_list(0x7f26566289e0, 24 [pid 6669] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... set_robust_list resumed>) = 0 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6671] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6671] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6671] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6671] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6670] getdents64(-1, [pid 6669] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6670] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6670] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] exit_group(0 [pid 6670] <... futex resumed>) = ? [pid 6669] <... exit_group resumed>) = ? [pid 6670] +++ exited with 0 +++ [pid 6671] <... futex resumed>) = ? [pid 6671] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6669, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 umount2("./529/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6672 ./strace-static-x86_64: Process 6672 attached [pid 6672] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6672] chdir("./530") = 0 [ 130.816996][ T6670] loop0: detected capacity change from 0 to 256 [ 130.824832][ T6670] exfat: Deprecated parameter 'utf8' [ 130.833394][ T6670] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6672] setpgid(0, 0) = 0 [pid 6672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6672] write(3, "1000", 4) = 4 [pid 6672] close(3) = 0 [pid 6672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6672] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6672] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6673 attached , parent_tid=[6673], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6673 [pid 6673] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6673] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6673] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6673] memfd_create("syzkaller", 0) = 3 [pid 6673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6673] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6673] munmap(0x7f2656609000, 131072) = 0 [pid 6673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6673] close(3) = 0 [pid 6673] mkdir("./file2", 0777) = 0 [pid 6673] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6673] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6673] chdir("./file2") = 0 [pid 6673] ioctl(4, LOOP_CLR_FD) = 0 [pid 6673] close(4) = 0 [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... futex resumed>) = 1 [pid 6673] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... futex resumed>) = 1 [pid 6673] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... futex resumed>) = 1 [pid 6673] write(4, "\x00\x00", 2) = 2 [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6672] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6672] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6674], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6674 [pid 6672] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... futex resumed>) = 1 [pid 6673] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6674 attached [pid 6674] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6674] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6674] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6674] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6674] <... futex resumed>) = 1 [pid 6672] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] <... futex resumed>) = 1 [pid 6673] <... futex resumed>) = 0 [pid 6672] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6673] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6672] exit_group(0 [pid 6674] <... futex resumed>) = ? [pid 6672] <... exit_group resumed>) = ? [pid 6673] <... futex resumed>) = ? [pid 6673] +++ exited with 0 +++ [pid 6674] +++ exited with 0 +++ [pid 6672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6672, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 umount2("./530/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6675 attached , child_tidptr=0x555556b3a6d0) = 6675 [pid 6675] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6675] chdir("./531") = 0 [pid 6675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6675] setpgid(0, 0) = 0 [pid 6675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6675] write(3, "1000", 4) = 4 [pid 6675] close(3) = 0 [pid 6675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6675] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6675] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6676 attached , parent_tid=[6676], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6676 [pid 6676] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6676] memfd_create("syzkaller", 0) = 3 [pid 6676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6676] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6676] munmap(0x7f2656609000, 131072) = 0 [ 130.908518][ T6673] loop0: detected capacity change from 0 to 256 [ 130.916810][ T6673] exfat: Deprecated parameter 'utf8' [ 130.925461][ T6673] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6676] close(3) = 0 [pid 6676] mkdir("./file2", 0777) = 0 [pid 6676] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6676] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6676] chdir("./file2") = 0 [pid 6676] ioctl(4, LOOP_CLR_FD) = 0 [pid 6676] close(4) = 0 [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 1 [pid 6676] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 1 [pid 6676] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 1 [pid 6676] write(4, "\x00\x00", 2) = 2 [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6675] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6675] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6677], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6677 [pid 6675] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 1 [pid 6676] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6677 attached [pid 6677] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6677] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6677] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6677] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 0 [pid 6676] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6676] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] exit_group(0) = ? [pid 6677] <... futex resumed>) = ? [pid 6676] <... futex resumed>) = ? [pid 6676] +++ exited with 0 +++ [pid 6677] +++ exited with 0 +++ [pid 6675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6675, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 umount2("./531/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6678 ./strace-static-x86_64: Process 6678 attached [pid 6678] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6678] chdir("./532") = 0 [pid 6678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6678] setpgid(0, 0) = 0 [pid 6678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6678] write(3, "1000", 4) = 4 [pid 6678] close(3) = 0 [pid 6678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6678] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6678] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6679], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6679 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6679 attached [pid 6679] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6679] memfd_create("syzkaller", 0) = 3 [pid 6679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [ 130.987698][ T6676] loop0: detected capacity change from 0 to 256 [ 130.996257][ T6676] exfat: Deprecated parameter 'utf8' [ 131.004611][ T6676] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6679] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6679] munmap(0x7f2656609000, 131072) = 0 [pid 6679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6679] close(3) = 0 [pid 6679] mkdir("./file2", 0777) = 0 [pid 6679] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6679] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6679] chdir("./file2") = 0 [pid 6679] ioctl(4, LOOP_CLR_FD) = 0 [pid 6679] close(4) = 0 [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 1 [pid 6679] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 1 [pid 6679] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 1 [pid 6679] write(4, "\x00\x00", 2) = 2 [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6678] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6678] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6680 attached , parent_tid=[6680], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6680 [pid 6678] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 1 [pid 6680] set_robust_list(0x7f26566289e0, 24 [pid 6679] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6680] <... set_robust_list resumed>) = 0 [pid 6680] openat(AT_FDCWD, "", O_RDONLY [pid 6679] <... mmap resumed>) = 0x20000000 [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6680] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 0 [pid 6679] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6679] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] exit_group(0) = ? [pid 6679] <... futex resumed>) = ? [pid 6680] +++ exited with 0 +++ [pid 6679] +++ exited with 0 +++ [pid 6678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6678, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 umount2("./532/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./532/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6681 ./strace-static-x86_64: Process 6681 attached [ 131.071215][ T6679] loop0: detected capacity change from 0 to 256 [ 131.080168][ T6679] exfat: Deprecated parameter 'utf8' [ 131.089903][ T6679] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6681] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6681] chdir("./533") = 0 [pid 6681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6681] setpgid(0, 0) = 0 [pid 6681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6681] write(3, "1000", 4) = 4 [pid 6681] close(3) = 0 [pid 6681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6681] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6681] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6682], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6682 ./strace-static-x86_64: Process 6682 attached [pid 6682] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 6682] memfd_create("syzkaller", 0 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6682] <... memfd_create resumed>) = 3 [pid 6682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6682] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6682] munmap(0x7f2656609000, 131072) = 0 [pid 6682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6682] close(3) = 0 [pid 6682] mkdir("./file2", 0777) = 0 [pid 6682] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6682] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6682] chdir("./file2") = 0 [pid 6682] ioctl(4, LOOP_CLR_FD) = 0 [pid 6682] close(4) = 0 [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] <... futex resumed>) = 0 [pid 6682] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] <... openat resumed>) = 4 [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... futex resumed>) = 0 [pid 6682] <... futex resumed>) = 1 [pid 6682] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] <... openat resumed>) = 5 [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] write(4, "\x00\x00", 2) = 2 [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] <... futex resumed>) = 0 [pid 6682] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6681] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6682] <... mmap resumed>) = 0x20000000 [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] <... mmap resumed>) = 0x7f2656608000 [pid 6681] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6681] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6683 attached , parent_tid=[6683], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6683 [pid 6683] set_robust_list(0x7f26566289e0, 24 [pid 6681] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... set_robust_list resumed>) = 0 [pid 6681] <... futex resumed>) = 0 [pid 6683] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6681] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6683] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6683] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... futex resumed>) = 0 [pid 6681] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 6681] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] getdents64(-1, [pid 6683] <... futex resumed>) = 1 [pid 6682] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6683] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6682] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] exit_group(0 [pid 6682] <... futex resumed>) = ? [pid 6681] <... exit_group resumed>) = ? [pid 6682] +++ exited with 0 +++ [pid 6683] <... futex resumed>) = ? [pid 6683] +++ exited with 0 +++ [pid 6681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6681, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 umount2("./533/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6684 ./strace-static-x86_64: Process 6684 attached [pid 6684] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6684] chdir("./534") = 0 [pid 6684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6684] setpgid(0, 0) = 0 [pid 6684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6684] write(3, "1000", 4) = 4 [pid 6684] close(3) = 0 [pid 6684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6684] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6684] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6685], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6685 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6685 attached [pid 6685] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6685] memfd_create("syzkaller", 0) = 3 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [ 131.165353][ T6682] loop0: detected capacity change from 0 to 256 [ 131.173648][ T6682] exfat: Deprecated parameter 'utf8' [ 131.183539][ T6682] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6685] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6685] munmap(0x7f2656609000, 131072) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6685] close(3) = 0 [pid 6685] mkdir("./file2", 0777) = 0 [pid 6685] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6685] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6685] chdir("./file2") = 0 [pid 6685] ioctl(4, LOOP_CLR_FD) = 0 [pid 6685] close(4) = 0 [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... openat resumed>) = 4 [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... openat resumed>) = 5 [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] write(4, "\x00\x00", 2 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... write resumed>) = 2 [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6684] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6684] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6686], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6686 [pid 6684] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6686 attached [pid 6686] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6686] openat(AT_FDCWD, "", O_RDONLY [pid 6685] <... mmap resumed>) = 0x20000000 [pid 6686] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = 0 [pid 6686] <... futex resumed>) = 1 [pid 6685] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6686] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6685] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6685] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6684] exit_group(0 [pid 6686] <... futex resumed>) = ? [pid 6684] <... exit_group resumed>) = ? [pid 6686] +++ exited with 0 +++ [pid 6685] +++ exited with 0 +++ [pid 6684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6684, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 umount2("./534/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 131.243266][ T6685] loop0: detected capacity change from 0 to 256 [ 131.249169][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 131.251819][ T6685] exfat: Deprecated parameter 'utf8' [ 131.269179][ T6685] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./534/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6687 ./strace-static-x86_64: Process 6687 attached [pid 6687] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6687] chdir("./535") = 0 [pid 6687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6687] setpgid(0, 0) = 0 [pid 6687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6687] write(3, "1000", 4) = 4 [pid 6687] close(3) = 0 [pid 6687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6687] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6687] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6687] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6688], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6688 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6688 attached [pid 6688] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6688] memfd_create("syzkaller", 0) = 3 [pid 6688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6688] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6688] munmap(0x7f2656609000, 131072) = 0 [pid 6688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6688] close(3) = 0 [pid 6688] mkdir("./file2", 0777) = 0 [pid 6688] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6688] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6688] chdir("./file2") = 0 [pid 6688] ioctl(4, LOOP_CLR_FD) = 0 [pid 6688] close(4) = 0 [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6688] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] <... openat resumed>) = 4 [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] write(4, "\x00\x00", 2) = 2 [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6687] <... futex resumed>) = 0 [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6687] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6688] <... mmap resumed>) = 0x20000000 [pid 6687] <... mprotect resumed>) = 0 [pid 6687] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6689 attached [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... clone resumed>, parent_tid=[6689], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6689 [pid 6688] <... futex resumed>) = 0 [pid 6687] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] set_robust_list(0x7f26566289e0, 24 [pid 6688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... set_robust_list resumed>) = 0 [pid 6689] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6689] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6689] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6688] getdents64(-1, [pid 6687] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6688] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6688] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] exit_group(0 [pid 6688] <... futex resumed>) = ? [pid 6687] <... exit_group resumed>) = ? [pid 6688] +++ exited with 0 +++ [pid 6689] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6687, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 umount2("./535/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 131.357663][ T6688] loop0: detected capacity change from 0 to 256 [ 131.367353][ T6688] exfat: Deprecated parameter 'utf8' [ 131.376920][ T6688] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6690 attached [pid 6690] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6690] chdir("./536" [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6690 [pid 6690] <... chdir resumed>) = 0 [pid 6690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6690] setpgid(0, 0) = 0 [pid 6690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6690] write(3, "1000", 4) = 4 [pid 6690] close(3) = 0 [pid 6690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6690] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6691], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6691 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6691 attached [pid 6691] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6691] memfd_create("syzkaller", 0) = 3 [pid 6691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6691] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6691] munmap(0x7f2656609000, 131072) = 0 [pid 6691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6691] close(3) = 0 [pid 6691] mkdir("./file2", 0777) = 0 [pid 6691] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6691] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6691] chdir("./file2") = 0 [pid 6691] ioctl(4, LOOP_CLR_FD) = 0 [pid 6691] close(4) = 0 [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6691] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 0 [pid 6691] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 1 [pid 6691] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 1 [pid 6691] write(4, "\x00\x00", 2) = 2 [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6690] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6692], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6692 [pid 6690] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 1 [pid 6691] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6692 attached ) = 0x20000000 [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6692] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6692] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6692] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6692] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 0 [pid 6691] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6691] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] exit_group(0) = ? [pid 6691] <... futex resumed>) = ? [pid 6691] +++ exited with 0 +++ [pid 6692] <... futex resumed>) = ? [pid 6692] +++ exited with 0 +++ [pid 6690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6690, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 umount2("./536/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 131.455751][ T6691] loop0: detected capacity change from 0 to 256 [ 131.465280][ T6691] exfat: Deprecated parameter 'utf8' [ 131.473681][ T6691] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6693 ./strace-static-x86_64: Process 6693 attached [pid 6693] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6693] chdir("./537") = 0 [pid 6693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6693] setpgid(0, 0) = 0 [pid 6693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6693] write(3, "1000", 4) = 4 [pid 6693] close(3) = 0 [pid 6693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6693] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6693] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6694], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6694 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6694 attached [pid 6694] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6694] memfd_create("syzkaller", 0) = 3 [pid 6694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6694] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6694] munmap(0x7f2656609000, 131072) = 0 [pid 6694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6694] close(3) = 0 [pid 6694] mkdir("./file2", 0777) = 0 [pid 6694] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6694] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6694] chdir("./file2") = 0 [pid 6694] ioctl(4, LOOP_CLR_FD) = 0 [pid 6694] close(4) = 0 [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... openat resumed>) = 4 [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6694] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... openat resumed>) = 5 [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] write(4, "\x00\x00", 2) = 2 [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6693] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6693] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6695], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6695 [pid 6693] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6695 attached [pid 6695] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6695] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6695] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6695] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6693] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... futex resumed>) = 0 [pid 6694] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6694] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6693] <... futex resumed>) = 0 [pid 6693] exit_group(0) = ? [pid 6695] <... futex resumed>) = ? [pid 6695] +++ exited with 0 +++ [pid 6694] +++ exited with 0 +++ [pid 6693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6693, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 umount2("./537/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6696 ./strace-static-x86_64: Process 6696 attached [pid 6696] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6696] chdir("./538") = 0 [pid 6696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6696] setpgid(0, 0) = 0 [ 131.547320][ T6694] loop0: detected capacity change from 0 to 256 [ 131.555068][ T6694] exfat: Deprecated parameter 'utf8' [ 131.564902][ T6694] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6696] write(3, "1000", 4) = 4 [pid 6696] close(3) = 0 [pid 6696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6696] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6696] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6697], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6697 [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6697 attached [pid 6697] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6697] memfd_create("syzkaller", 0) = 3 [pid 6697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6697] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6697] munmap(0x7f2656609000, 131072) = 0 [pid 6697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6697] close(3) = 0 [pid 6697] mkdir("./file2", 0777) = 0 [pid 6697] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6697] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6697] chdir("./file2") = 0 [pid 6697] ioctl(4, LOOP_CLR_FD) = 0 [pid 6697] close(4) = 0 [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6697] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... futex resumed>) = 0 [pid 6697] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... futex resumed>) = 1 [pid 6697] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... futex resumed>) = 1 [pid 6697] write(4, "\x00\x00", 2) = 2 [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6696] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6696] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6698], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6698 [pid 6696] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... futex resumed>) = 1 [pid 6697] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6698 attached [pid 6697] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6698] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6698] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6698] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6698] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] <... futex resumed>) = 0 [pid 6698] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... futex resumed>) = 0 [pid 6697] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6697] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6696] exit_group(0) = ? [pid 6697] <... futex resumed>) = ? [pid 6697] +++ exited with 0 +++ [pid 6698] <... futex resumed>) = ? [pid 6698] +++ exited with 0 +++ [pid 6696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6696, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 umount2("./538/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./538/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6699 attached [pid 6699] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6699 [pid 6699] <... set_robust_list resumed>) = 0 [pid 6699] chdir("./539") = 0 [pid 6699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6699] setpgid(0, 0) = 0 [pid 6699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6699] write(3, "1000", 4) = 4 [pid 6699] close(3) = 0 [pid 6699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6699] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6699] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6699] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6700], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6700 [pid 6699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6700 attached [pid 6700] set_robust_list(0x7f265ea299e0, 24) = 0 [ 131.638895][ T6697] loop0: detected capacity change from 0 to 256 [ 131.646831][ T6697] exfat: Deprecated parameter 'utf8' [ 131.655033][ T6697] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6700] memfd_create("syzkaller", 0) = 3 [pid 6700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6700] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6700] munmap(0x7f2656609000, 131072) = 0 [pid 6700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6700] close(3) = 0 [pid 6700] mkdir("./file2", 0777) = 0 [pid 6700] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6700] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6700] chdir("./file2") = 0 [pid 6700] ioctl(4, LOOP_CLR_FD) = 0 [pid 6700] close(4) = 0 [pid 6700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6699] <... futex resumed>) = 0 [pid 6700] <... futex resumed>) = 1 [pid 6699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... openat resumed>) = 4 [pid 6700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... openat resumed>) = 5 [pid 6700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6700] write(4, "\x00\x00", 2 [pid 6699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... write resumed>) = 2 [pid 6700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6699] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6699] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6701 attached , parent_tid=[6701], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6701 [pid 6701] set_robust_list(0x7f26566289e0, 24 [pid 6699] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6701] <... set_robust_list resumed>) = 0 [pid 6701] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6700] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6701] <... openat resumed>) = 6 [pid 6701] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6701] getdents64(6, [pid 6699] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... mmap resumed>) = 0x20000000 [pid 6700] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6701] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6701] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] exit_group(0) = ? [pid 6701] <... futex resumed>) = ? [pid 6701] +++ exited with 0 +++ [pid 6700] <... futex resumed>) = ? [pid 6700] +++ exited with 0 +++ [pid 6699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6699, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 umount2("./539/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6702 ./strace-static-x86_64: Process 6702 attached [pid 6702] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6702] chdir("./540") = 0 [pid 6702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6702] setpgid(0, 0) = 0 [pid 6702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 131.724291][ T6700] loop0: detected capacity change from 0 to 256 [ 131.732635][ T6700] exfat: Deprecated parameter 'utf8' [ 131.741152][ T6700] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6702] write(3, "1000", 4) = 4 [pid 6702] close(3) = 0 [pid 6702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6702] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6702] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6703 attached , parent_tid=[6703], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6703 [pid 6703] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6703] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6703] <... futex resumed>) = 0 [pid 6703] memfd_create("syzkaller", 0 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6703] <... memfd_create resumed>) = 3 [pid 6703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6703] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6703] munmap(0x7f2656609000, 131072) = 0 [pid 6703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6703] close(3) = 0 [pid 6703] mkdir("./file2", 0777) = 0 [pid 6703] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6703] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6703] chdir("./file2") = 0 [pid 6703] ioctl(4, LOOP_CLR_FD) = 0 [pid 6703] close(4) = 0 [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6703] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6703] <... futex resumed>) = 0 [pid 6703] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... openat resumed>) = 4 [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6702] <... futex resumed>) = 0 [pid 6703] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... openat resumed>) = 5 [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] write(4, "\x00\x00", 2 [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... write resumed>) = 2 [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6703] <... mmap resumed>) = 0x20000000 [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6703] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] <... mmap resumed>) = 0x7f2656608000 [pid 6702] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6702] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6704 attached , parent_tid=[6704], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6704 [pid 6704] set_robust_list(0x7f26566289e0, 24 [pid 6702] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6704] <... set_robust_list resumed>) = 0 [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6704] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6704] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6704] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6704] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = 0 [pid 6702] <... futex resumed>) = 1 [pid 6702] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6703] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] exit_group(0) = ? [pid 6703] <... futex resumed>) = ? [pid 6703] +++ exited with 0 +++ [pid 6704] <... futex resumed>) = ? [pid 6704] +++ exited with 0 +++ [pid 6702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6702, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 umount2("./540/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6705 attached [pid 6705] set_robust_list(0x555556b3a6e0, 24 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6705 [pid 6705] <... set_robust_list resumed>) = 0 [pid 6705] chdir("./541") = 0 [pid 6705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6705] setpgid(0, 0) = 0 [pid 6705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6705] write(3, "1000", 4) = 4 [pid 6705] close(3) = 0 [pid 6705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6705] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 131.812595][ T6703] loop0: detected capacity change from 0 to 256 [ 131.821840][ T6703] exfat: Deprecated parameter 'utf8' [ 131.830520][ T6703] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6705] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6706 attached , parent_tid=[6706], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6706 [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6706] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6706] memfd_create("syzkaller", 0) = 3 [pid 6706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6706] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6706] munmap(0x7f2656609000, 131072) = 0 [pid 6706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6706] close(3) = 0 [pid 6706] mkdir("./file2", 0777) = 0 [pid 6706] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6706] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6706] chdir("./file2") = 0 [pid 6706] ioctl(4, LOOP_CLR_FD) = 0 [pid 6706] close(4) = 0 [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6705] <... futex resumed>) = 0 [pid 6706] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] <... openat resumed>) = 5 [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = 0 [pid 6705] <... futex resumed>) = 1 [pid 6706] write(4, "\x00\x00", 2 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] <... write resumed>) = 2 [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6705] <... futex resumed>) = 0 [pid 6706] <... mmap resumed>) = 0x20000000 [pid 6705] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... futex resumed>) = 0 [pid 6705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6706] <... futex resumed>) = 0 [pid 6705] <... mmap resumed>) = 0x7f2656608000 [pid 6706] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6705] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6707 attached [pid 6707] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6705] <... clone resumed>, parent_tid=[6707], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6707 [pid 6705] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6707] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6707] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6705] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] getdents64(-1, [pid 6707] <... futex resumed>) = 1 [pid 6707] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6706] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6705] exit_group(0) = ? [pid 6707] <... futex resumed>) = ? [pid 6707] +++ exited with 0 +++ [pid 6706] +++ exited with 0 +++ [pid 6705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6705, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 umount2("./541/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6708 attached , child_tidptr=0x555556b3a6d0) = 6708 [pid 6708] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6708] chdir("./542") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6708] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 131.904054][ T6706] loop0: detected capacity change from 0 to 256 [ 131.913112][ T6706] exfat: Deprecated parameter 'utf8' [ 131.921384][ T6706] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6708] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6709], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6709 [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6709 attached [pid 6709] set_robust_list(0x7f265ea299e0, 24 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] <... set_robust_list resumed>) = 0 [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6709] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6709] munmap(0x7f2656609000, 131072) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6709] close(3) = 0 [pid 6709] mkdir("./file2", 0777) = 0 [pid 6709] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6709] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] chdir("./file2") = 0 [pid 6709] ioctl(4, LOOP_CLR_FD) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 0 [pid 6709] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 1 [pid 6709] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 1 [pid 6709] write(4, "\x00\x00", 2) = 2 [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6708] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6710], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6710 [pid 6708] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 1 [pid 6709] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6710 attached [pid 6710] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6709] <... mmap resumed>) = 0x20000000 [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6710] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6710] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 0 [pid 6709] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6709] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] exit_group(0) = ? [pid 6709] <... futex resumed>) = ? [pid 6709] +++ exited with 0 +++ [pid 6710] <... futex resumed>) = ? [pid 6710] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 umount2("./542/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 131.993802][ T6709] loop0: detected capacity change from 0 to 256 [ 132.003000][ T6709] exfat: Deprecated parameter 'utf8' [ 132.012207][ T6709] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6711 ./strace-static-x86_64: Process 6711 attached [pid 6711] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6711] chdir("./543") = 0 [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6711] setpgid(0, 0) = 0 [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6711] write(3, "1000", 4) = 4 [pid 6711] close(3) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6711] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6712 attached , parent_tid=[6712], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6712 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6712] memfd_create("syzkaller", 0) = 3 [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6712] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6712] munmap(0x7f2656609000, 131072) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6712] close(3) = 0 [pid 6712] mkdir("./file2", 0777) = 0 [pid 6712] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6712] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6712] chdir("./file2") = 0 [pid 6712] ioctl(4, LOOP_CLR_FD) = 0 [pid 6712] close(4) = 0 [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 1 [pid 6712] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 1 [pid 6712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] write(4, "\x00\x00", 2) = 2 [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6712] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6711] <... mmap resumed>) = 0x7f2656608000 [pid 6711] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6712] <... mmap resumed>) = 0x20000000 [pid 6711] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... clone resumed>, parent_tid=[6713], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6713 [pid 6711] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6713 attached [pid 6713] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6713] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6713] openat(AT_FDCWD, "", O_RDONLY [pid 6712] <... futex resumed>) = 0 [pid 6713] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6713] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6713] <... futex resumed>) = 1 [pid 6713] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6712] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6712] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] exit_group(0) = ? [pid 6713] <... futex resumed>) = ? [pid 6712] <... futex resumed>) = ? [pid 6713] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ [pid 6711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6711, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./543/binderfs") = 0 umount2("./543/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./543/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6714 ./strace-static-x86_64: Process 6714 attached [pid 6714] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6714] chdir("./544") = 0 [ 132.087699][ T6712] loop0: detected capacity change from 0 to 256 [ 132.095344][ T6712] exfat: Deprecated parameter 'utf8' [ 132.104558][ T6712] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6714] setpgid(0, 0) = 0 [pid 6714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6714] write(3, "1000", 4) = 4 [pid 6714] close(3) = 0 [pid 6714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6714] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6714] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6715], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6715 ./strace-static-x86_64: Process 6715 attached [pid 6715] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6715] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6715] memfd_create("syzkaller", 0) = 3 [pid 6715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6715] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6715] munmap(0x7f2656609000, 131072) = 0 [pid 6715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6715] close(3) = 0 [pid 6715] mkdir("./file2", 0777) = 0 [pid 6715] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6715] chdir("./file2") = 0 [pid 6715] ioctl(4, LOOP_CLR_FD) = 0 [pid 6715] close(4) = 0 [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] write(4, "\x00\x00", 2) = 2 [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6714] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6714] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6716], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6716 [pid 6714] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6716 attached [pid 6716] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6716] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6716] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6716] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6716] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] <... futex resumed>) = 0 [pid 6715] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6715] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6714] exit_group(0) = ? [pid 6716] <... futex resumed>) = ? [pid 6715] +++ exited with 0 +++ [pid 6716] +++ exited with 0 +++ [pid 6714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6714, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./544/binderfs") = 0 umount2("./544/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./544/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./544/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./544/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6717 ./strace-static-x86_64: Process 6717 attached [pid 6717] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6717] chdir("./545") = 0 [pid 6717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6717] setpgid(0, 0) = 0 [pid 6717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6717] write(3, "1000", 4) = 4 [pid 6717] close(3) = 0 [pid 6717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6717] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 132.181967][ T6715] loop0: detected capacity change from 0 to 256 [ 132.191358][ T6715] exfat: Deprecated parameter 'utf8' [ 132.200496][ T6715] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6717] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6717] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6718 attached , parent_tid=[6718], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6718 [pid 6718] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6718] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = 0 [pid 6717] <... futex resumed>) = 1 [pid 6718] memfd_create("syzkaller", 0 [pid 6717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6718] <... memfd_create resumed>) = 3 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6718] munmap(0x7f2656609000, 131072) = 0 [pid 6718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6718] close(3) = 0 [pid 6718] mkdir("./file2", 0777) = 0 [pid 6718] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6718] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6718] chdir("./file2") = 0 [pid 6718] ioctl(4, LOOP_CLR_FD) = 0 [pid 6718] close(4) = 0 [pid 6718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... openat resumed>) = 4 [pid 6718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6718] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... openat resumed>) = 5 [pid 6718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... futex resumed>) = 0 [pid 6718] <... futex resumed>) = 1 [pid 6717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] write(4, "\x00\x00", 2) = 2 [pid 6718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6717] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6717] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6719], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6719 ./strace-static-x86_64: Process 6719 attached [pid 6717] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] set_robust_list(0x7f26566289e0, 24 [pid 6717] <... futex resumed>) = 0 [pid 6719] <... set_robust_list resumed>) = 0 [pid 6717] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6718] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6719] <... openat resumed>) = 6 [pid 6719] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] getdents64(6, [pid 6717] <... futex resumed>) = 0 [pid 6719] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6717] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6719] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6718] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] exit_group(0) = ? [pid 6719] <... futex resumed>) = ? [pid 6719] +++ exited with 0 +++ [pid 6718] <... futex resumed>) = ? [pid 6718] +++ exited with 0 +++ [pid 6717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6717, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./545/binderfs") = 0 umount2("./545/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./545/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 132.272186][ T6718] loop0: detected capacity change from 0 to 256 [ 132.281645][ T6718] exfat: Deprecated parameter 'utf8' [ 132.290810][ T6718] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6720 ./strace-static-x86_64: Process 6720 attached [pid 6720] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6720] chdir("./546") = 0 [pid 6720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6720] setpgid(0, 0) = 0 [pid 6720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6720] write(3, "1000", 4) = 4 [pid 6720] close(3) = 0 [pid 6720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6720] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6720] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6720] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6721], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6721 [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6721 attached [pid 6721] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6721] memfd_create("syzkaller", 0) = 3 [pid 6721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6721] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6721] munmap(0x7f2656609000, 131072) = 0 [pid 6721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6721] close(3) = 0 [pid 6721] mkdir("./file2", 0777) = 0 [pid 6721] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6721] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6721] chdir("./file2") = 0 [pid 6721] ioctl(4, LOOP_CLR_FD) = 0 [pid 6721] close(4) = 0 [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6721] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6721] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] <... openat resumed>) = 4 [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] write(4, "\x00\x00", 2) = 2 [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6720] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6721] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6720] <... mprotect resumed>) = 0 [pid 6720] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6721] <... mmap resumed>) = 0x20000000 [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... clone resumed>, parent_tid=[6722], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6722 ./strace-static-x86_64: Process 6722 attached [pid 6722] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6722] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] <... futex resumed>) = 1 [pid 6722] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6722] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6722] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6722] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... futex resumed>) = 0 [pid 6720] <... futex resumed>) = 1 [pid 6721] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6720] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6721] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] exit_group(0 [pid 6721] <... futex resumed>) = ? [pid 6720] <... exit_group resumed>) = ? [pid 6721] +++ exited with 0 +++ [pid 6722] +++ exited with 0 +++ [pid 6720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6720, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./546/binderfs") = 0 umount2("./546/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./546/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6723 ./strace-static-x86_64: Process 6723 attached [pid 6723] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6723] chdir("./547") = 0 [pid 6723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6723] setpgid(0, 0) = 0 [pid 6723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6723] write(3, "1000", 4) = 4 [pid 6723] close(3) = 0 [pid 6723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6723] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6723] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6724], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6724 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6724 attached [pid 6724] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6724] memfd_create("syzkaller", 0) = 3 [ 132.366596][ T6721] loop0: detected capacity change from 0 to 256 [ 132.374468][ T6721] exfat: Deprecated parameter 'utf8' [ 132.385136][ T6721] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6724] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6724] munmap(0x7f2656609000, 131072) = 0 [pid 6724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6724] close(3) = 0 [pid 6724] mkdir("./file2", 0777) = 0 [pid 6724] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6724] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6724] chdir("./file2") = 0 [pid 6724] ioctl(4, LOOP_CLR_FD) = 0 [pid 6724] close(4) = 0 [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 1 [pid 6724] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 1 [pid 6724] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 1 [pid 6724] write(4, "\x00\x00", 2) = 2 [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6723] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6723] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6725], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6725 [pid 6723] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 1 [pid 6724] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6725 attached [pid 6725] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6725] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6725] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6725] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 0 [pid 6724] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6724] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] exit_group(0) = ? [pid 6724] <... futex resumed>) = ? [pid 6724] +++ exited with 0 +++ [pid 6725] <... futex resumed>) = ? [pid 6725] +++ exited with 0 +++ [pid 6723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6723, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./547/binderfs") = 0 umount2("./547/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./547/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6726 ./strace-static-x86_64: Process 6726 attached [pid 6726] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6726] chdir("./548") = 0 [pid 6726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6726] setpgid(0, 0) = 0 [pid 6726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6726] write(3, "1000", 4) = 4 [pid 6726] close(3) = 0 [pid 6726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6726] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6726] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 132.451928][ T6724] loop0: detected capacity change from 0 to 256 [ 132.460280][ T6724] exfat: Deprecated parameter 'utf8' [ 132.469677][ T6724] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6726] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6727], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6727 [pid 6726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6727 attached [pid 6727] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6727] memfd_create("syzkaller", 0) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6727] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6727] munmap(0x7f2656609000, 131072) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6727] close(3) = 0 [pid 6727] mkdir("./file2", 0777) = 0 [pid 6727] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6727] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6727] chdir("./file2") = 0 [pid 6727] ioctl(4, LOOP_CLR_FD) = 0 [pid 6727] close(4) = 0 [pid 6727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... openat resumed>) = 5 [pid 6727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] write(4, "\x00\x00", 2 [pid 6726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... write resumed>) = 2 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6726] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6728], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6728 [pid 6726] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6728 attached ) = 0 [pid 6728] set_robust_list(0x7f26566289e0, 24 [pid 6726] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... set_robust_list resumed>) = 0 [pid 6728] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6727] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6728] <... openat resumed>) = 6 [pid 6728] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6728] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] getdents64(6, [pid 6727] <... mmap resumed>) = 0x20000000 [pid 6728] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6728] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6728] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] exit_group(0 [pid 6727] <... futex resumed>) = ? [pid 6726] <... exit_group resumed>) = ? [pid 6727] +++ exited with 0 +++ [pid 6728] <... futex resumed>) = ? [pid 6728] +++ exited with 0 +++ [pid 6726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6726, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./548/binderfs") = 0 umount2("./548/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./548/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6729 attached , child_tidptr=0x555556b3a6d0) = 6729 [pid 6729] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6729] chdir("./549") = 0 [pid 6729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6729] setpgid(0, 0) = 0 [ 132.538980][ T6727] loop0: detected capacity change from 0 to 256 [ 132.547260][ T6727] exfat: Deprecated parameter 'utf8' [ 132.555435][ T6727] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6729] write(3, "1000", 4) = 4 [pid 6729] close(3) = 0 [pid 6729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6729] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6729] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6730], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6730 [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6730 attached [pid 6730] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6730] memfd_create("syzkaller", 0) = 3 [pid 6730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6730] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6730] munmap(0x7f2656609000, 131072) = 0 [pid 6730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6730] close(3) = 0 [pid 6730] mkdir("./file2", 0777) = 0 [pid 6730] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6730] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6730] chdir("./file2") = 0 [pid 6730] ioctl(4, LOOP_CLR_FD) = 0 [pid 6730] close(4) = 0 [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6730] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = 0 [pid 6730] write(4, "\x00\x00", 2) = 2 [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6729] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6729] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6731], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6731 [pid 6729] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = 1 [pid 6730] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6731 attached ) = 0x20000000 [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6731] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6731] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6731] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = 0 [pid 6730] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6730] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6729] exit_group(0) = ? [pid 6730] <... futex resumed>) = ? [pid 6730] +++ exited with 0 +++ [pid 6731] +++ exited with 0 +++ [pid 6729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6729, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./549/binderfs") = 0 umount2("./549/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./549/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 132.628062][ T6730] loop0: detected capacity change from 0 to 256 [ 132.637630][ T6730] exfat: Deprecated parameter 'utf8' [ 132.646986][ T6730] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6732 ./strace-static-x86_64: Process 6732 attached [pid 6732] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6732] chdir("./550") = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6732] setpgid(0, 0) = 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6732] write(3, "1000", 4) = 4 [pid 6732] close(3) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6732] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6733 attached , parent_tid=[6733], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6733 [pid 6733] set_robust_list(0x7f265ea299e0, 24 [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... set_robust_list resumed>) = 0 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] memfd_create("syzkaller", 0) = 3 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6733] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6733] munmap(0x7f2656609000, 131072) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6733] close(3) = 0 [pid 6733] mkdir("./file2", 0777) = 0 [pid 6733] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6733] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6733] chdir("./file2") = 0 [pid 6733] ioctl(4, LOOP_CLR_FD) = 0 [pid 6733] close(4) = 0 [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... openat resumed>) = 4 [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... openat resumed>) = 5 [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] write(4, "\x00\x00", 2) = 2 [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6732] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6734 attached , parent_tid=[6734], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6734 [pid 6734] set_robust_list(0x7f26566289e0, 24 [pid 6732] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] <... set_robust_list resumed>) = 0 [pid 6732] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6734] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6733] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... openat resumed>) = 6 [pid 6734] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6734] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6733] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] exit_group(0) = ? [pid 6734] <... futex resumed>) = ? [pid 6734] +++ exited with 0 +++ [pid 6733] +++ exited with 0 +++ [pid 6732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./550/binderfs") = 0 umount2("./550/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./550/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 132.726306][ T6733] loop0: detected capacity change from 0 to 256 [ 132.734949][ T6733] exfat: Deprecated parameter 'utf8' [ 132.744078][ T6733] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6735 ./strace-static-x86_64: Process 6735 attached [pid 6735] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6735] chdir("./551") = 0 [pid 6735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6735] setpgid(0, 0) = 0 [pid 6735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6735] write(3, "1000", 4) = 4 [pid 6735] close(3) = 0 [pid 6735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6735] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6735] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6736 attached , parent_tid=[6736], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6736 [pid 6736] set_robust_list(0x7f265ea299e0, 24 [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6736] <... set_robust_list resumed>) = 0 [pid 6736] memfd_create("syzkaller", 0) = 3 [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6736] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6736] munmap(0x7f2656609000, 131072) = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6736] close(3) = 0 [pid 6736] mkdir("./file2", 0777) = 0 [pid 6736] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6736] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6736] chdir("./file2") = 0 [pid 6736] ioctl(4, LOOP_CLR_FD) = 0 [pid 6736] close(4) = 0 [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 0 [pid 6736] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 1 [pid 6736] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 0 [pid 6736] write(4, "\x00\x00", 2) = 2 [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6735] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6735] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6737 attached , parent_tid=[6737], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6737 [pid 6735] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 1 [pid 6736] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6737] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6736] <... mmap resumed>) = 0x20000000 [pid 6737] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6737] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6737] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 0 [pid 6736] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6736] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6735] exit_group(0) = ? [pid 6736] <... futex resumed>) = ? [pid 6736] +++ exited with 0 +++ [pid 6737] <... futex resumed>) = ? [pid 6737] +++ exited with 0 +++ [pid 6735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6735, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./551/binderfs") = 0 umount2("./551/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./551/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 132.825356][ T6736] loop0: detected capacity change from 0 to 256 [ 132.844716][ T6736] exfat: Deprecated parameter 'utf8' [ 132.854460][ T6736] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6738 ./strace-static-x86_64: Process 6738 attached [pid 6738] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6738] chdir("./552") = 0 [pid 6738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6738] setpgid(0, 0) = 0 [pid 6738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6738] write(3, "1000", 4) = 4 [pid 6738] close(3) = 0 [pid 6738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6738] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6738] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6739], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6739 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6739 attached [pid 6739] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6739] memfd_create("syzkaller", 0) = 3 [pid 6739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6739] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6739] <... write resumed>) = 131072 [pid 6739] munmap(0x7f2656609000, 131072) = 0 [pid 6739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6739] close(3) = 0 [pid 6739] mkdir("./file2", 0777) = 0 [pid 6739] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6739] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6739] chdir("./file2") = 0 [pid 6739] ioctl(4, LOOP_CLR_FD) = 0 [pid 6739] close(4) = 0 [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... openat resumed>) = 4 [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6739] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... openat resumed>) = 5 [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] write(4, "\x00\x00", 2) = 2 [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6738] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6738] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6740 attached [pid 6740] set_robust_list(0x7f26566289e0, 24 [pid 6738] <... clone resumed>, parent_tid=[6740], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6740 [pid 6740] <... set_robust_list resumed>) = 0 [pid 6738] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... openat resumed>) = 6 [pid 6740] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] <... futex resumed>) = 0 [pid 6739] <... futex resumed>) = 0 [pid 6738] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6739] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6738] exit_group(0) = ? [pid 6740] <... futex resumed>) = ? [pid 6740] +++ exited with 0 +++ [pid 6739] +++ exited with 0 +++ [pid 6738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6738, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./552/binderfs") = 0 umount2("./552/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./552/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6741 attached [pid 6741] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6741] chdir("./553") = 0 [pid 6741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 132.927768][ T6739] loop0: detected capacity change from 0 to 256 [ 132.935559][ T6739] exfat: Deprecated parameter 'utf8' [ 132.945090][ T6739] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6741] setpgid(0, 0) = 0 [pid 6741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6741 [pid 6741] <... openat resumed>) = 3 [pid 6741] write(3, "1000", 4) = 4 [pid 6741] close(3) = 0 [pid 6741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6741] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6741] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6742], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6742 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6742 attached [pid 6742] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6742] memfd_create("syzkaller", 0) = 3 [pid 6742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6742] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6742] munmap(0x7f2656609000, 131072) = 0 [pid 6742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6742] close(3) = 0 [pid 6742] mkdir("./file2", 0777) = 0 [pid 6742] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6742] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6742] chdir("./file2") = 0 [pid 6742] ioctl(4, LOOP_CLR_FD) = 0 [pid 6742] close(4) = 0 [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6742] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... futex resumed>) = 0 [pid 6742] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... futex resumed>) = 1 [pid 6742] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... futex resumed>) = 1 [pid 6742] write(4, "\x00\x00", 2) = 2 [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] <... futex resumed>) = 0 [pid 6742] <... futex resumed>) = 1 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6741] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6741] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6743], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6743 [pid 6741] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6743 attached [pid 6743] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6742] <... mmap resumed>) = 0x20000000 [pid 6743] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6743] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6743] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... futex resumed>) = 0 [pid 6742] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6742] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] <... futex resumed>) = 0 [pid 6741] exit_group(0) = ? [pid 6742] <... futex resumed>) = ? [pid 6742] +++ exited with 0 +++ [pid 6743] +++ exited with 0 +++ [pid 6741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6741, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./553/binderfs") = 0 umount2("./553/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./553/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6744 [ 133.017230][ T6742] loop0: detected capacity change from 0 to 256 [ 133.025287][ T6742] exfat: Deprecated parameter 'utf8' [ 133.033594][ T6742] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6744 attached [pid 6744] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6744] chdir("./554") = 0 [pid 6744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6744] setpgid(0, 0) = 0 [pid 6744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6744] write(3, "1000", 4) = 4 [pid 6744] close(3) = 0 [pid 6744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6744] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6744] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6745 attached [pid 6745] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6745] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] <... clone resumed>, parent_tid=[6745], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6745 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6745] memfd_create("syzkaller", 0) = 3 [pid 6745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6745] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6745] munmap(0x7f2656609000, 131072) = 0 [pid 6745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6745] close(3) = 0 [pid 6745] mkdir("./file2", 0777) = 0 [pid 6745] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6745] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6745] chdir("./file2") = 0 [pid 6745] ioctl(4, LOOP_CLR_FD) = 0 [pid 6745] close(4) = 0 [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] write(4, "\x00\x00", 2) = 2 [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6744] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6744] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6746 attached , parent_tid=[6746], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6746 [pid 6744] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6746] set_robust_list(0x7f26566289e0, 24 [pid 6745] <... mmap resumed>) = 0x20000000 [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] <... set_robust_list resumed>) = 0 [pid 6746] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6746] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6746] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] <... futex resumed>) = 0 [pid 6745] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6745] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] exit_group(0) = ? [pid 6746] +++ exited with 0 +++ [pid 6745] +++ exited with 0 +++ [pid 6744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6744, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./554/binderfs") = 0 umount2("./554/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./554/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./554/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./554/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6747 attached [pid 6747] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6747 [pid 6747] chdir("./555") = 0 [pid 6747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6747] setpgid(0, 0) = 0 [pid 6747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6747] write(3, "1000", 4) = 4 [pid 6747] close(3) = 0 [pid 6747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6747] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 133.114581][ T6745] loop0: detected capacity change from 0 to 256 [ 133.123531][ T6745] exfat: Deprecated parameter 'utf8' [ 133.131798][ T6745] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6747] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6748 attached [pid 6748] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] <... clone resumed>, parent_tid=[6748], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6748 [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6748] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6748] memfd_create("syzkaller", 0) = 3 [pid 6748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6748] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6748] munmap(0x7f2656609000, 131072) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6748] close(3) = 0 [pid 6748] mkdir("./file2", 0777) = 0 [pid 6748] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6748] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6748] chdir("./file2") = 0 [pid 6748] ioctl(4, LOOP_CLR_FD) = 0 [pid 6748] close(4) = 0 [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... openat resumed>) = 4 [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... futex resumed>) = 0 [pid 6748] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... futex resumed>) = 1 [pid 6748] write(4, "\x00\x00", 2) = 2 [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6747] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6747] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6749], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6749 [pid 6747] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... futex resumed>) = 1 [pid 6748] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6749 attached [pid 6749] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6748] <... mmap resumed>) = 0x20000000 [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6749] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6749] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6749] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... futex resumed>) = 0 [pid 6748] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6748] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] exit_group(0) = ? [pid 6748] <... futex resumed>) = ? [pid 6748] +++ exited with 0 +++ [pid 6749] +++ exited with 0 +++ [pid 6747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6747, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./555/binderfs") = 0 umount2("./555/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./555/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6750 ./strace-static-x86_64: Process 6750 attached [pid 6750] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6750] chdir("./556") = 0 [pid 6750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6750] setpgid(0, 0) = 0 [ 133.200889][ T6748] loop0: detected capacity change from 0 to 256 [ 133.209564][ T6748] exfat: Deprecated parameter 'utf8' [ 133.218470][ T6748] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6750] write(3, "1000", 4) = 4 [pid 6750] close(3) = 0 [pid 6750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6750] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6750] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6751], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6751 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6751 attached [pid 6751] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6751] memfd_create("syzkaller", 0) = 3 [pid 6751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6751] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6751] munmap(0x7f2656609000, 131072) = 0 [pid 6751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6751] close(3) = 0 [pid 6751] mkdir("./file2", 0777) = 0 [pid 6751] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6751] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6751] chdir("./file2") = 0 [pid 6751] ioctl(4, LOOP_CLR_FD) = 0 [pid 6751] close(4) = 0 [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 1 [pid 6751] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 1 [pid 6751] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 1 [pid 6751] write(4, "\x00\x00", 2) = 2 [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6750] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6750] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6752 attached , parent_tid=[6752], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6752 [pid 6750] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 1 [pid 6751] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6752] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6751] <... mmap resumed>) = 0x20000000 [pid 6752] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6752] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6750] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 0 [pid 6751] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6751] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] exit_group(0) = ? [pid 6751] <... futex resumed>) = ? [pid 6751] +++ exited with 0 +++ [pid 6752] <... futex resumed>) = ? [pid 6752] +++ exited with 0 +++ [pid 6750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6750, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./556/binderfs") = 0 umount2("./556/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./556/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./556/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6753 ./strace-static-x86_64: Process 6753 attached [pid 6753] set_robust_list(0x555556b3a6e0, 24) = 0 [ 133.288888][ T6751] loop0: detected capacity change from 0 to 256 [ 133.297603][ T6751] exfat: Deprecated parameter 'utf8' [ 133.305447][ T6751] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6753] chdir("./557") = 0 [pid 6753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6753] setpgid(0, 0) = 0 [pid 6753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6753] write(3, "1000", 4) = 4 [pid 6753] close(3) = 0 [pid 6753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6753] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6753] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6754 attached , parent_tid=[6754], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6754 [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6754] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6754] memfd_create("syzkaller", 0) = 3 [pid 6754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6754] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6754] munmap(0x7f2656609000, 131072) = 0 [pid 6754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6754] close(3) = 0 [pid 6754] mkdir("./file2", 0777) = 0 [pid 6754] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6754] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6754] chdir("./file2") = 0 [pid 6754] ioctl(4, LOOP_CLR_FD) = 0 [pid 6754] close(4) = 0 [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6754] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... openat resumed>) = 4 [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... openat resumed>) = 5 [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6754] <... futex resumed>) = 1 [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] write(4, "\x00\x00", 2 [pid 6753] <... futex resumed>) = 0 [pid 6754] <... write resumed>) = 2 [pid 6753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6754] <... futex resumed>) = 0 [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6754] <... mmap resumed>) = 0x20000000 [pid 6753] <... mmap resumed>) = 0x7f2656608000 [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6754] <... futex resumed>) = 0 [pid 6753] <... mprotect resumed>) = 0 [pid 6753] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6755 attached [pid 6755] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6755] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... clone resumed>, parent_tid=[6755], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6755 [pid 6753] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6755] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6755] openat(AT_FDCWD, "", O_RDONLY [pid 6753] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6755] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6755] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6754] getdents64(-1, [pid 6753] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6754] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6754] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] exit_group(0) = ? [pid 6755] <... futex resumed>) = ? [pid 6755] +++ exited with 0 +++ [pid 6754] <... futex resumed>) = ? [pid 6754] +++ exited with 0 +++ [pid 6753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6753, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./557/binderfs") = 0 umount2("./557/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./557/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./557/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6756 ./strace-static-x86_64: Process 6756 attached [pid 6756] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6756] chdir("./558") = 0 [pid 6756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6756] setpgid(0, 0) = 0 [pid 6756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6756] write(3, "1000", 4) = 4 [pid 6756] close(3) = 0 [ 133.392408][ T6754] loop0: detected capacity change from 0 to 256 [ 133.400404][ T6754] exfat: Deprecated parameter 'utf8' [ 133.409011][ T6754] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6756] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6757 attached , parent_tid=[6757], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6757 [pid 6757] set_robust_list(0x7f265ea299e0, 24 [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6757] <... set_robust_list resumed>) = 0 [pid 6757] memfd_create("syzkaller", 0) = 3 [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6757] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6757] munmap(0x7f2656609000, 131072) = 0 [pid 6757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6757] close(3) = 0 [pid 6757] mkdir("./file2", 0777) = 0 [pid 6757] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6757] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6757] chdir("./file2") = 0 [pid 6757] ioctl(4, LOOP_CLR_FD) = 0 [pid 6757] close(4) = 0 [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... futex resumed>) = 0 [pid 6757] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6757] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... openat resumed>) = 5 [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6757] write(4, "\x00\x00", 2 [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... write resumed>) = 2 [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6757] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6757] <... mmap resumed>) = 0x20000000 [pid 6756] <... mmap resumed>) = 0x7f2656608000 [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6757] <... futex resumed>) = 0 [pid 6756] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6757] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6758 attached [pid 6758] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6758] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... clone resumed>, parent_tid=[6758], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6758 [pid 6756] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... futex resumed>) = 0 [pid 6758] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6758] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6758] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6758] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... futex resumed>) = 0 [pid 6757] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6757] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6756] exit_group(0) = ? [pid 6758] <... futex resumed>) = ? [pid 6758] +++ exited with 0 +++ [pid 6757] +++ exited with 0 +++ [pid 6756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6756, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./558/binderfs") = 0 umount2("./558/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./558/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./558/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 133.480927][ T6757] loop0: detected capacity change from 0 to 256 [ 133.489149][ T6757] exfat: Deprecated parameter 'utf8' [ 133.497852][ T6757] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6759 ./strace-static-x86_64: Process 6759 attached [pid 6759] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6759] chdir("./559") = 0 [pid 6759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6759] setpgid(0, 0) = 0 [pid 6759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6759] write(3, "1000", 4) = 4 [pid 6759] close(3) = 0 [pid 6759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6759] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6759] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6759] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6760 attached , parent_tid=[6760], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6760 [pid 6760] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6760] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] memfd_create("syzkaller", 0) = 3 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6760] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6760] munmap(0x7f2656609000, 131072) = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6760] close(3) = 0 [pid 6760] mkdir("./file2", 0777) = 0 [pid 6760] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6760] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6760] chdir("./file2") = 0 [pid 6760] ioctl(4, LOOP_CLR_FD) = 0 [pid 6760] close(4) = 0 [pid 6760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... futex resumed>) = 1 [pid 6760] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... futex resumed>) = 1 [pid 6760] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... futex resumed>) = 1 [pid 6760] write(4, "\x00\x00", 2) = 2 [pid 6760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6759] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6760] <... futex resumed>) = 1 [pid 6759] <... mprotect resumed>) = 0 [pid 6759] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6760] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6759] <... clone resumed>, parent_tid=[6761], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6761 [pid 6759] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6761 attached [pid 6761] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6761] openat(AT_FDCWD, "", O_RDONLY [pid 6760] <... mmap resumed>) = 0x20000000 [pid 6761] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6761] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6761] <... futex resumed>) = 1 [pid 6761] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6761] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6760] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] exit_group(0) = ? [pid 6761] +++ exited with 0 +++ [pid 6760] <... futex resumed>) = ? [pid 6760] +++ exited with 0 +++ [pid 6759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6759, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./559/binderfs") = 0 umount2("./559/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./559/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./559/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6762 ./strace-static-x86_64: Process 6762 attached [pid 6762] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6762] chdir("./560") = 0 [pid 6762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6762] setpgid(0, 0) = 0 [pid 6762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6762] write(3, "1000", 4) = 4 [pid 6762] close(3) = 0 [pid 6762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6762] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6762] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6762] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6763], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6763 [pid 6762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.581300][ T6760] loop0: detected capacity change from 0 to 256 [ 133.589322][ T6760] exfat: Deprecated parameter 'utf8' [ 133.598437][ T6760] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6763 attached [pid 6763] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6763] memfd_create("syzkaller", 0) = 3 [pid 6763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6763] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6763] munmap(0x7f2656609000, 131072) = 0 [pid 6763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6763] close(3) = 0 [pid 6763] mkdir("./file2", 0777) = 0 [pid 6763] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6763] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6763] chdir("./file2") = 0 [pid 6763] ioctl(4, LOOP_CLR_FD) = 0 [pid 6763] close(4) = 0 [pid 6763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... openat resumed>) = 5 [pid 6763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] write(4, "\x00\x00", 2) = 2 [pid 6763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6762] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6762] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6764 attached , parent_tid=[6764], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6764 [pid 6764] set_robust_list(0x7f26566289e0, 24 [pid 6762] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] <... set_robust_list resumed>) = 0 [pid 6762] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6764] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6763] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6764] <... openat resumed>) = 6 [pid 6764] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6764] getdents64(6, [pid 6762] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... mmap resumed>) = 0x20000000 [pid 6764] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6764] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6764] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6763] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] exit_group(0 [pid 6764] <... futex resumed>) = ? [pid 6762] <... exit_group resumed>) = ? [pid 6764] +++ exited with 0 +++ [pid 6763] <... futex resumed>) = ? [pid 6763] +++ exited with 0 +++ [pid 6762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6762, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./560/binderfs") = 0 umount2("./560/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./560/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6765 attached , child_tidptr=0x555556b3a6d0) = 6765 [pid 6765] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6765] chdir("./561") = 0 [pid 6765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6765] setpgid(0, 0) = 0 [ 133.669126][ T6763] loop0: detected capacity change from 0 to 256 [ 133.679260][ T6763] exfat: Deprecated parameter 'utf8' [ 133.688681][ T6763] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6765] write(3, "1000", 4) = 4 [pid 6765] close(3) = 0 [pid 6765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6765] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6765] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6766 attached , parent_tid=[6766], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6766 [pid 6765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6766] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6766] memfd_create("syzkaller", 0) = 3 [pid 6766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6766] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6766] munmap(0x7f2656609000, 131072) = 0 [pid 6766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6766] close(3) = 0 [pid 6766] mkdir("./file2", 0777) = 0 [pid 6766] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6766] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6766] chdir("./file2") = 0 [pid 6766] ioctl(4, LOOP_CLR_FD) = 0 [pid 6766] close(4) = 0 [pid 6766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] <... openat resumed>) = 4 [pid 6766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... futex resumed>) = 1 [pid 6765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] write(4, "\x00\x00", 2) = 2 [pid 6766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6765] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6767 attached , parent_tid=[6767], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6767 [pid 6767] set_robust_list(0x7f26566289e0, 24 [pid 6765] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... set_robust_list resumed>) = 0 [pid 6765] <... futex resumed>) = 0 [pid 6767] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6765] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6767] <... openat resumed>) = 6 [pid 6767] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6767] getdents64(6, [pid 6765] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 6767] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6767] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] exit_group(0 [pid 6767] <... futex resumed>) = ? [pid 6765] <... exit_group resumed>) = ? [pid 6767] +++ exited with 0 +++ [pid 6766] <... futex resumed>) = ? [pid 6766] +++ exited with 0 +++ [pid 6765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6765, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./561/binderfs") = 0 umount2("./561/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./561/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./561/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6768 [ 133.774332][ T6766] loop0: detected capacity change from 0 to 256 [ 133.783220][ T6766] exfat: Deprecated parameter 'utf8' [ 133.791216][ T6766] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6768 attached [pid 6768] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6768] chdir("./562") = 0 [pid 6768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6768] setpgid(0, 0) = 0 [pid 6768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6768] write(3, "1000", 4) = 4 [pid 6768] close(3) = 0 [pid 6768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6768] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6768] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6768] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6769], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6769 ./strace-static-x86_64: Process 6769 attached [pid 6769] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6769] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6769] <... futex resumed>) = 0 [pid 6768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6769] memfd_create("syzkaller", 0) = 3 [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6769] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6769] munmap(0x7f2656609000, 131072) = 0 [pid 6769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6769] close(3) = 0 [pid 6769] mkdir("./file2", 0777) = 0 [pid 6769] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6769] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6769] chdir("./file2") = 0 [pid 6769] ioctl(4, LOOP_CLR_FD) = 0 [pid 6769] close(4) = 0 [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... futex resumed>) = 1 [pid 6769] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... futex resumed>) = 1 [pid 6769] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... futex resumed>) = 1 [pid 6769] write(4, "\x00\x00", 2) = 2 [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6768] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6768] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6770 attached , parent_tid=[6770], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6770 [pid 6768] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6768] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] set_robust_list(0x7f26566289e0, 24 [pid 6769] <... mmap resumed>) = 0x20000000 [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] <... set_robust_list resumed>) = 0 [pid 6770] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6770] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6770] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6770] <... futex resumed>) = 1 [pid 6768] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6769] <... futex resumed>) = 0 [pid 6768] <... futex resumed>) = 1 [pid 6769] getdents64(-1, [pid 6768] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6769] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] exit_group(0 [pid 6770] <... futex resumed>) = ? [pid 6769] <... futex resumed>) = ? [pid 6768] <... exit_group resumed>) = ? [pid 6770] +++ exited with 0 +++ [pid 6769] +++ exited with 0 +++ [pid 6768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6768, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./562/binderfs") = 0 umount2("./562/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./562/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6771 attached , child_tidptr=0x555556b3a6d0) = 6771 [pid 6771] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6771] chdir("./563") = 0 [ 133.871491][ T6769] loop0: detected capacity change from 0 to 256 [ 133.879459][ T6769] exfat: Deprecated parameter 'utf8' [ 133.888704][ T6769] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6771] setpgid(0, 0) = 0 [pid 6771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6771] write(3, "1000", 4) = 4 [pid 6771] close(3) = 0 [pid 6771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6771] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6771] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6772 attached , parent_tid=[6772], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6772 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6772] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6772] memfd_create("syzkaller", 0) = 3 [pid 6772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6772] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6772] munmap(0x7f2656609000, 131072) = 0 [pid 6772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6772] close(3) = 0 [pid 6772] mkdir("./file2", 0777) = 0 [pid 6772] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6772] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6772] chdir("./file2") = 0 [pid 6772] ioctl(4, LOOP_CLR_FD) = 0 [pid 6772] close(4) = 0 [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... openat resumed>) = 4 [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] write(4, "\x00\x00", 2) = 2 [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6772] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6771] <... mmap resumed>) = 0x7f2656608000 [pid 6771] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6772] <... mmap resumed>) = 0x20000000 [pid 6771] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6773], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6773 [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6771] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6773 attached [pid 6773] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6773] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6773] openat(AT_FDCWD, "", O_RDONLY [pid 6772] <... futex resumed>) = 0 [pid 6773] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6773] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] getdents64(-1, [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6773] <... futex resumed>) = 1 [pid 6773] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6772] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6772] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] exit_group(0) = ? [pid 6773] <... futex resumed>) = ? [pid 6773] +++ exited with 0 +++ [pid 6772] +++ exited with 0 +++ [pid 6771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6771, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./563/binderfs") = 0 umount2("./563/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./563/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 133.962635][ T6772] loop0: detected capacity change from 0 to 256 [ 133.972142][ T6772] exfat: Deprecated parameter 'utf8' [ 133.981380][ T6772] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6774 ./strace-static-x86_64: Process 6774 attached [pid 6774] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6774] chdir("./564") = 0 [pid 6774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6774] setpgid(0, 0) = 0 [pid 6774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6774] write(3, "1000", 4) = 4 [pid 6774] close(3) = 0 [pid 6774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6774] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6775], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6775 ./strace-static-x86_64: Process 6775 attached [pid 6775] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6775] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6775] memfd_create("syzkaller", 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6775] <... memfd_create resumed>) = 3 [pid 6775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6775] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6775] munmap(0x7f2656609000, 131072) = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6775] close(3) = 0 [pid 6775] mkdir("./file2", 0777) = 0 [pid 6775] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6775] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6775] chdir("./file2") = 0 [pid 6775] ioctl(4, LOOP_CLR_FD) = 0 [pid 6775] close(4) = 0 [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] write(4, "\x00\x00", 2) = 2 [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6775] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6774] <... mmap resumed>) = 0x7f2656608000 [pid 6774] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6775] <... mmap resumed>) = 0x20000000 [pid 6774] <... mprotect resumed>) = 0 [pid 6774] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... clone resumed>, parent_tid=[6776], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6776 [pid 6774] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6776 attached [pid 6776] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6776] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6776] openat(AT_FDCWD, "", O_RDONLY [pid 6775] <... futex resumed>) = 0 [pid 6776] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6776] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] <... futex resumed>) = 1 [pid 6776] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6775] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] exit_group(0) = ? [pid 6776] <... futex resumed>) = ? [pid 6776] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ [pid 6774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6774, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./564/binderfs") = 0 umount2("./564/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./564/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./564/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 [ 134.059115][ T6775] loop0: detected capacity change from 0 to 256 [ 134.069048][ T6775] exfat: Deprecated parameter 'utf8' [ 134.077590][ T6775] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6777 attached [pid 6777] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6777] chdir("./565") = 0 [pid 6777] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6777 [pid 6777] <... prctl resumed>) = 0 [pid 6777] setpgid(0, 0) = 0 [pid 6777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6777] write(3, "1000", 4) = 4 [pid 6777] close(3) = 0 [pid 6777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6777] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6777] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6778], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6778 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6778 attached [pid 6778] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6778] memfd_create("syzkaller", 0) = 3 [pid 6778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6778] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6778] munmap(0x7f2656609000, 131072) = 0 [pid 6778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6778] close(3) = 0 [pid 6778] mkdir("./file2", 0777) = 0 [pid 6778] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6778] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6778] chdir("./file2") = 0 [pid 6778] ioctl(4, LOOP_CLR_FD) = 0 [pid 6778] close(4) = 0 [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... futex resumed>) = 1 [pid 6778] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... futex resumed>) = 1 [pid 6778] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... futex resumed>) = 1 [pid 6778] write(4, "\x00\x00", 2) = 2 [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6777] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6777] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6779], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6779 [pid 6777] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... futex resumed>) = 1 [pid 6778] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6779 attached ) = 0 [pid 6779] set_robust_list(0x7f26566289e0, 24 [pid 6778] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] <... set_robust_list resumed>) = 0 [pid 6779] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6779] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6779] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] <... futex resumed>) = 1 [pid 6778] <... futex resumed>) = 0 [pid 6779] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6778] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6778] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6777] exit_group(0) = ? [pid 6778] <... futex resumed>) = ? [pid 6778] +++ exited with 0 +++ [pid 6779] <... futex resumed>) = ? [pid 6779] +++ exited with 0 +++ [pid 6777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6777, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./565/binderfs") = 0 umount2("./565/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./565/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6780 ./strace-static-x86_64: Process 6780 attached [pid 6780] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6780] chdir("./566") = 0 [pid 6780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6780] setpgid(0, 0) = 0 [pid 6780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6780] write(3, "1000", 4) = 4 [pid 6780] close(3) = 0 [pid 6780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6780] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6780] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6780] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6781 attached , parent_tid=[6781], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6781 [pid 6781] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6781] memfd_create("syzkaller", 0 [pid 6780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6781] <... memfd_create resumed>) = 3 [pid 6781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6781] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6781] munmap(0x7f2656609000, 131072) = 0 [ 134.151310][ T6778] loop0: detected capacity change from 0 to 256 [ 134.159483][ T6778] exfat: Deprecated parameter 'utf8' [ 134.168431][ T6778] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6781] close(3) = 0 [pid 6781] mkdir("./file2", 0777) = 0 [pid 6781] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6781] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6781] chdir("./file2") = 0 [pid 6781] ioctl(4, LOOP_CLR_FD) = 0 [pid 6781] close(4) = 0 [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6781] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] write(4, "\x00\x00", 2) = 2 [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6781] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6780] <... mmap resumed>) = 0x7f2656608000 [pid 6780] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6781] <... mmap resumed>) = 0x20000000 [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... mprotect resumed>) = 0 [pid 6780] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6782], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6782 [pid 6781] <... futex resumed>) = 0 [pid 6780] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6782 attached [pid 6781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6782] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6782] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6782] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = 1 [pid 6780] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] <... futex resumed>) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6781] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6781] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6780] exit_group(0) = ? [pid 6781] <... futex resumed>) = ? [pid 6782] <... futex resumed>) = ? [pid 6781] +++ exited with 0 +++ [pid 6782] +++ exited with 0 +++ [pid 6780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6780, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./566/binderfs") = 0 umount2("./566/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./566/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 [ 134.232516][ T6781] loop0: detected capacity change from 0 to 256 [ 134.241967][ T6781] exfat: Deprecated parameter 'utf8' [ 134.251123][ T6781] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6783 ./strace-static-x86_64: Process 6783 attached [pid 6783] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6783] chdir("./567") = 0 [pid 6783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6783] setpgid(0, 0) = 0 [pid 6783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6783] write(3, "1000", 4) = 4 [pid 6783] close(3) = 0 [pid 6783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6783] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6783] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6784], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6784 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6784 attached [pid 6784] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6784] memfd_create("syzkaller", 0) = 3 [pid 6784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6784] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6784] munmap(0x7f2656609000, 131072) = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6784] close(3) = 0 [pid 6784] mkdir("./file2", 0777) = 0 [pid 6784] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6784] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6784] chdir("./file2") = 0 [pid 6784] ioctl(4, LOOP_CLR_FD) = 0 [pid 6784] close(4) = 0 [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... openat resumed>) = 4 [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = 0 [pid 6784] <... futex resumed>) = 1 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... openat resumed>) = 5 [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] write(4, "\x00\x00", 2 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... write resumed>) = 2 [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6783] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6784] <... mmap resumed>) = 0x20000000 [pid 6783] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6784] <... futex resumed>) = 0 [pid 6783] <... clone resumed>, parent_tid=[6785], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6785 [pid 6783] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6785 attached [pid 6785] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6785] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6785] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6785] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... futex resumed>) = 0 [pid 6784] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6784] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] exit_group(0) = ? [pid 6785] <... futex resumed>) = ? [pid 6785] +++ exited with 0 +++ [pid 6784] +++ exited with 0 +++ [pid 6783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6783, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./567/binderfs") = 0 umount2("./567/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./567/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6786 ./strace-static-x86_64: Process 6786 attached [pid 6786] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6786] chdir("./568") = 0 [pid 6786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6786] setpgid(0, 0) = 0 [pid 6786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6786] write(3, "1000", 4) = 4 [pid 6786] close(3) = 0 [pid 6786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6786] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6786] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6787], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6787 ./strace-static-x86_64: Process 6787 attached [pid 6787] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 134.335735][ T6784] loop0: detected capacity change from 0 to 256 [ 134.344384][ T6784] exfat: Deprecated parameter 'utf8' [ 134.353701][ T6784] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6787] memfd_create("syzkaller", 0) = 3 [pid 6787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6787] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6787] munmap(0x7f2656609000, 131072) = 0 [pid 6787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6787] close(3) = 0 [pid 6787] mkdir("./file2", 0777) = 0 [pid 6787] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6787] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6787] chdir("./file2") = 0 [pid 6787] ioctl(4, LOOP_CLR_FD) = 0 [pid 6787] close(4) = 0 [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 1 [pid 6787] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 1 [pid 6787] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 0 [pid 6787] write(4, "\x00\x00", 2) = 2 [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6786] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6786] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6788], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6788 [pid 6786] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 1 [pid 6787] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6788 attached [pid 6788] set_robust_list(0x7f26566289e0, 24 [pid 6787] <... mmap resumed>) = 0x20000000 [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6788] <... set_robust_list resumed>) = 0 [pid 6788] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6788] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6788] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 0 [pid 6787] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6787] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] exit_group(0) = ? [pid 6787] <... futex resumed>) = ? [pid 6787] +++ exited with 0 +++ [pid 6788] <... futex resumed>) = ? [pid 6788] +++ exited with 0 +++ [pid 6786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6786, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./568/binderfs") = 0 umount2("./568/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./568/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./568/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6789 ./strace-static-x86_64: Process 6789 attached [pid 6789] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6789] chdir("./569") = 0 [pid 6789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6789] setpgid(0, 0) = 0 [pid 6789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6789] write(3, "1000", 4) = 4 [pid 6789] close(3) = 0 [pid 6789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6789] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6789] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6790], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6790 [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6790 attached [pid 6790] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6790] memfd_create("syzkaller", 0) = 3 [pid 6790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6790] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 134.421593][ T6787] loop0: detected capacity change from 0 to 256 [ 134.430521][ T6787] exfat: Deprecated parameter 'utf8' [ 134.438736][ T6787] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6790] munmap(0x7f2656609000, 131072) = 0 [pid 6790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6790] close(3) = 0 [pid 6790] mkdir("./file2", 0777) = 0 [pid 6790] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6790] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6790] chdir("./file2") = 0 [pid 6790] ioctl(4, LOOP_CLR_FD) = 0 [pid 6790] close(4) = 0 [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... openat resumed>) = 4 [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... openat resumed>) = 5 [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = 0 [pid 6790] <... futex resumed>) = 1 [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] write(4, "\x00\x00", 2) = 2 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [pid 6789] <... futex resumed>) = 0 [pid 6790] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6789] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6790] <... mmap resumed>) = 0x20000000 [pid 6789] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... mprotect resumed>) = 0 [pid 6789] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6791], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6791 [pid 6790] <... futex resumed>) = 0 [pid 6789] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6791 attached [pid 6791] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6791] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6791] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6791] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6791] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... futex resumed>) = 0 [pid 6790] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6790] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6789] exit_group(0) = ? [pid 6791] <... futex resumed>) = ? [pid 6791] +++ exited with 0 +++ [pid 6790] +++ exited with 0 +++ [pid 6789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6789, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./569/binderfs") = 0 umount2("./569/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./569/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./569/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6792 [ 134.503018][ T6790] loop0: detected capacity change from 0 to 256 [ 134.511780][ T6790] exfat: Deprecated parameter 'utf8' [ 134.521897][ T6790] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6792 attached [pid 6792] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6792] chdir("./570") = 0 [pid 6792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6792] setpgid(0, 0) = 0 [pid 6792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6792] write(3, "1000", 4) = 4 [pid 6792] close(3) = 0 [pid 6792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6792] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6792] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6793], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6793 ./strace-static-x86_64: Process 6793 attached [pid 6793] set_robust_list(0x7f265ea299e0, 24 [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] <... set_robust_list resumed>) = 0 [pid 6793] memfd_create("syzkaller", 0) = 3 [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6793] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6793] munmap(0x7f2656609000, 131072) = 0 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6793] close(3) = 0 [pid 6793] mkdir("./file2", 0777) = 0 [pid 6793] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6793] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6793] chdir("./file2") = 0 [pid 6793] ioctl(4, LOOP_CLR_FD) = 0 [pid 6793] close(4) = 0 [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6793] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6793] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] write(4, "\x00\x00", 2) = 2 [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6792] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6793] <... mmap resumed>) = 0x20000000 [pid 6792] <... mprotect resumed>) = 0 [pid 6792] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... clone resumed>, parent_tid=[6794], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6794 [pid 6792] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6794 attached [pid 6794] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6794] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6793] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6794] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] <... futex resumed>) = 1 [pid 6794] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6793] <... futex resumed>) = 0 [pid 6793] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6793] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6792] exit_group(0) = ? [pid 6794] <... futex resumed>) = ? [pid 6794] +++ exited with 0 +++ [pid 6793] +++ exited with 0 +++ [pid 6792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6792, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./570/binderfs") = 0 umount2("./570/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./570/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6795 attached [ 134.606938][ T6793] loop0: detected capacity change from 0 to 256 [ 134.615779][ T6793] exfat: Deprecated parameter 'utf8' [ 134.624471][ T6793] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6795] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6795] chdir("./571" [pid 5078] <... clone resumed>, child_tidptr=0x555556b3a6d0) = 6795 [pid 6795] <... chdir resumed>) = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6795] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6795] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6796], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6796 [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6796 attached [pid 6796] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6796] memfd_create("syzkaller", 0) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6796] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6796] munmap(0x7f2656609000, 131072) = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6796] close(3) = 0 [pid 6796] mkdir("./file2", 0777) = 0 [pid 6796] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6796] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6796] chdir("./file2") = 0 [pid 6796] ioctl(4, LOOP_CLR_FD) = 0 [pid 6796] close(4) = 0 [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] <... futex resumed>) = 0 [pid 6796] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... openat resumed>) = 5 [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] <... futex resumed>) = 0 [pid 6796] write(4, "\x00\x00", 2 [pid 6795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... write resumed>) = 2 [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] <... futex resumed>) = 0 [pid 6796] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6795] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... mmap resumed>) = 0x20000000 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... mmap resumed>) = 0x7f2656608000 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6797], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6797 [pid 6795] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6797 attached [pid 6797] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6797] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6797] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6797] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6796] getdents64(-1, [pid 6795] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6796] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] exit_group(0 [pid 6796] <... futex resumed>) = ? [pid 6795] <... exit_group resumed>) = ? [pid 6796] +++ exited with 0 +++ [pid 6797] <... futex resumed>) = ? [pid 6797] +++ exited with 0 +++ [pid 6795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6795, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./571/binderfs") = 0 umount2("./571/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./571/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./571/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./571/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6798 ./strace-static-x86_64: Process 6798 attached [pid 6798] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6798] chdir("./572") = 0 [ 134.699028][ T6796] loop0: detected capacity change from 0 to 256 [ 134.708369][ T6796] exfat: Deprecated parameter 'utf8' [ 134.716781][ T6796] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6798] setpgid(0, 0) = 0 [pid 6798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6798] write(3, "1000", 4) = 4 [pid 6798] close(3) = 0 [pid 6798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6798] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6798] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6799 attached , parent_tid=[6799], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6799 [pid 6799] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6799] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6799] memfd_create("syzkaller", 0) = 3 [pid 6799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6799] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6799] munmap(0x7f2656609000, 131072) = 0 [pid 6799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6799] close(3) = 0 [pid 6799] mkdir("./file2", 0777) = 0 [pid 6799] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6799] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6799] chdir("./file2") = 0 [pid 6799] ioctl(4, LOOP_CLR_FD) = 0 [pid 6799] close(4) = 0 [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] write(4, "\x00\x00", 2) = 2 [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6799] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6798] <... mmap resumed>) = 0x7f2656608000 [pid 6798] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6799] <... mmap resumed>) = 0x20000000 [pid 6798] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6800 attached [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... clone resumed>, parent_tid=[6800], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6800 [pid 6798] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] set_robust_list(0x7f26566289e0, 24 [pid 6799] <... futex resumed>) = 0 [pid 6800] <... set_robust_list resumed>) = 0 [pid 6799] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6800] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6800] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6800] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6799] <... futex resumed>) = 0 [pid 6799] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6799] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6798] exit_group(0) = ? [pid 6800] <... futex resumed>) = ? [pid 6800] +++ exited with 0 +++ [pid 6799] +++ exited with 0 +++ [pid 6798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6798, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./572/binderfs") = 0 umount2("./572/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./572/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 134.791793][ T6799] loop0: detected capacity change from 0 to 256 [ 134.799838][ T6799] exfat: Deprecated parameter 'utf8' [ 134.809804][ T6799] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6801 ./strace-static-x86_64: Process 6801 attached [pid 6801] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6801] chdir("./573") = 0 [pid 6801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6801] setpgid(0, 0) = 0 [pid 6801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6801] write(3, "1000", 4) = 4 [pid 6801] close(3) = 0 [pid 6801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6801] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6801] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6801] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6802], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6802 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6802 attached [pid 6802] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6802] memfd_create("syzkaller", 0) = 3 [pid 6802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6802] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6802] munmap(0x7f2656609000, 131072) = 0 [pid 6802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6802] close(3) = 0 [pid 6802] mkdir("./file2", 0777) = 0 [pid 6802] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6802] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6802] chdir("./file2") = 0 [pid 6802] ioctl(4, LOOP_CLR_FD) = 0 [pid 6802] close(4) = 0 [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... openat resumed>) = 4 [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... openat resumed>) = 5 [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] write(4, "\x00\x00", 2 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... write resumed>) = 2 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... mmap resumed>) = 0x20000000 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] <... mmap resumed>) = 0x7f2656608000 [pid 6802] <... futex resumed>) = 0 [pid 6801] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] <... mprotect resumed>) = 0 [pid 6801] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6803 attached , parent_tid=[6803], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6803 [pid 6801] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6803] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6803] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6803] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = 0 [pid 6801] <... futex resumed>) = 1 [pid 6802] getdents64(-1, [pid 6801] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6802] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6803] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] exit_group(0 [pid 6802] <... futex resumed>) = ? [pid 6801] <... exit_group resumed>) = ? [pid 6803] <... futex resumed>) = ? [pid 6802] +++ exited with 0 +++ [pid 6803] +++ exited with 0 +++ [pid 6801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6801, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./573/binderfs") = 0 umount2("./573/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./573/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6804 ./strace-static-x86_64: Process 6804 attached [pid 6804] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6804] chdir("./574") = 0 [pid 6804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6804] setpgid(0, 0) = 0 [pid 6804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6804] write(3, "1000", 4) = 4 [pid 6804] close(3) = 0 [pid 6804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6804] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6804] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6804] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6805], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6805 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6805 attached [pid 6805] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6805] memfd_create("syzkaller", 0) = 3 [pid 6805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [ 134.898324][ T6802] loop0: detected capacity change from 0 to 256 [ 134.906598][ T6802] exfat: Deprecated parameter 'utf8' [ 134.915498][ T6802] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6805] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6805] munmap(0x7f2656609000, 131072) = 0 [pid 6805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6805] close(3) = 0 [pid 6805] mkdir("./file2", 0777) = 0 [pid 6805] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6805] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6805] chdir("./file2") = 0 [pid 6805] ioctl(4, LOOP_CLR_FD) = 0 [pid 6805] close(4) = 0 [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... futex resumed>) = 1 [pid 6805] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... futex resumed>) = 1 [pid 6805] write(4, "\x00\x00", 2) = 2 [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6805] <... futex resumed>) = 1 [pid 6804] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6805] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6804] <... mprotect resumed>) = 0 [pid 6804] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6806 attached , parent_tid=[6806], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6806 [pid 6806] set_robust_list(0x7f26566289e0, 24 [pid 6804] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... mmap resumed>) = 0x20000000 [pid 6804] <... futex resumed>) = 0 [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6806] <... set_robust_list resumed>) = 0 [pid 6806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6806] openat(AT_FDCWD, "", O_RDONLY [pid 6804] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6806] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 6806] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6806] <... futex resumed>) = 0 [pid 6804] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] <... futex resumed>) = 0 [pid 6804] <... futex resumed>) = 1 [pid 6805] getdents64(-1, [pid 6804] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6805] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... futex resumed>) = 0 [pid 6804] exit_group(0 [pid 6805] <... futex resumed>) = ? [pid 6804] <... exit_group resumed>) = ? [pid 6805] +++ exited with 0 +++ [pid 6806] <... futex resumed>) = ? [pid 6806] +++ exited with 0 +++ [pid 6804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6804, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./574/binderfs") = 0 umount2("./574/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./574/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./574/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 134.981948][ T6805] loop0: detected capacity change from 0 to 256 [ 134.990050][ T6805] exfat: Deprecated parameter 'utf8' [ 134.998846][ T6805] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) rmdir("./574/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6807 attached , child_tidptr=0x555556b3a6d0) = 6807 [pid 6807] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6807] chdir("./575") = 0 [pid 6807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6807] setpgid(0, 0) = 0 [pid 6807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6807] write(3, "1000", 4) = 4 [pid 6807] close(3) = 0 [pid 6807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6807] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6807] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6807] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6808 attached , parent_tid=[6808], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6808 [pid 6808] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] <... futex resumed>) = 0 [pid 6807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6808] memfd_create("syzkaller", 0) = 3 [pid 6808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6808] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6808] munmap(0x7f2656609000, 131072) = 0 [pid 6808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6808] close(3) = 0 [pid 6808] mkdir("./file2", 0777) = 0 [pid 6808] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6808] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6808] chdir("./file2") = 0 [pid 6808] ioctl(4, LOOP_CLR_FD) = 0 [pid 6808] close(4) = 0 [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 0 [pid 6807] <... futex resumed>) = 1 [pid 6808] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... openat resumed>) = 4 [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 0 [pid 6807] <... futex resumed>) = 1 [pid 6808] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... openat resumed>) = 5 [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] <... futex resumed>) = 0 [pid 6808] write(4, "\x00\x00", 2 [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... write resumed>) = 2 [pid 6807] <... futex resumed>) = 0 [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... futex resumed>) = 0 [pid 6807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6807] <... futex resumed>) = 0 [pid 6808] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6807] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... mmap resumed>) = 0x20000000 [pid 6807] <... futex resumed>) = 0 [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6808] <... futex resumed>) = 0 [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] <... mmap resumed>) = 0x7f2656608000 [pid 6807] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6807] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6809 attached , parent_tid=[6809], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6809 [pid 6807] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6809] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6809] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6809] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] <... futex resumed>) = 0 [pid 6809] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 0 [pid 6807] <... futex resumed>) = 1 [pid 6808] getdents64(-1, [pid 6807] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6808] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] <... futex resumed>) = 0 [pid 6808] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] exit_group(0 [pid 6808] <... futex resumed>) = ? [pid 6807] <... exit_group resumed>) = ? [pid 6808] +++ exited with 0 +++ [pid 6809] <... futex resumed>) = ? [pid 6809] +++ exited with 0 +++ [pid 6807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6807, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./575/binderfs") = 0 umount2("./575/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./575/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6810 ./strace-static-x86_64: Process 6810 attached [pid 6810] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6810] chdir("./576") = 0 [pid 6810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6810] setpgid(0, 0) = 0 [pid 6810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6810] write(3, "1000", 4) = 4 [pid 6810] close(3) = 0 [pid 6810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6810] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6810] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6811], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6811 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6811 attached [pid 6811] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6811] memfd_create("syzkaller", 0) = 3 [pid 6811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6811] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6811] munmap(0x7f2656609000, 131072) = 0 [pid 6811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 135.088117][ T6808] loop0: detected capacity change from 0 to 256 [ 135.095890][ T6808] exfat: Deprecated parameter 'utf8' [ 135.104963][ T6808] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6811] close(3) = 0 [pid 6811] mkdir("./file2", 0777) = 0 [pid 6811] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6811] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6811] chdir("./file2") = 0 [pid 6811] ioctl(4, LOOP_CLR_FD) = 0 [pid 6811] close(4) = 0 [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] write(4, "\x00\x00", 2) = 2 [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6810] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6810] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6812 attached [pid 6812] set_robust_list(0x7f26566289e0, 24 [pid 6810] <... clone resumed>, parent_tid=[6812], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6812 [pid 6810] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6812] <... set_robust_list resumed>) = 0 [pid 6811] <... mmap resumed>) = 0x20000000 [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6812] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6812] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6812] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 0 [pid 6811] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6811] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] <... futex resumed>) = 0 [pid 6811] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6810] exit_group(0 [pid 6811] <... futex resumed>) = ? [pid 6810] <... exit_group resumed>) = ? [pid 6811] +++ exited with 0 +++ [pid 6812] +++ exited with 0 +++ [pid 6810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6810, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./576/binderfs") = 0 umount2("./576/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./576/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./576/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6813 ./strace-static-x86_64: Process 6813 attached [pid 6813] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6813] chdir("./577") = 0 [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6813] setpgid(0, 0) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6813] write(3, "1000", 4) = 4 [pid 6813] close(3) = 0 [ 135.161393][ T6811] loop0: detected capacity change from 0 to 256 [ 135.170230][ T6811] exfat: Deprecated parameter 'utf8' [ 135.178712][ T6811] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6813] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6813] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6814 attached , parent_tid=[6814], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6814 [pid 6814] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6814] memfd_create("syzkaller", 0) = 3 [pid 6814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6814] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6814] munmap(0x7f2656609000, 131072) = 0 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6814] close(3) = 0 [pid 6814] mkdir("./file2", 0777) = 0 [pid 6814] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6814] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6814] chdir("./file2") = 0 [pid 6814] ioctl(4, LOOP_CLR_FD) = 0 [pid 6814] close(4) = 0 [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... openat resumed>) = 4 [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... openat resumed>) = 5 [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] write(4, "\x00\x00", 2) = 2 [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6813] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6813] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6815 attached , parent_tid=[6815], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6815 [pid 6815] set_robust_list(0x7f26566289e0, 24 [pid 6813] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] <... set_robust_list resumed>) = 0 [pid 6813] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6814] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... openat resumed>) = 6 [pid 6815] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... futex resumed>) = 0 [pid 6814] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6814] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... futex resumed>) = 0 [pid 6813] exit_group(0) = ? [pid 6814] <... futex resumed>) = ? [pid 6814] +++ exited with 0 +++ [pid 6815] +++ exited with 0 +++ [pid 6813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6813, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./577/binderfs") = 0 umount2("./577/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./577/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 135.251430][ T6814] loop0: detected capacity change from 0 to 256 [ 135.259604][ T6814] exfat: Deprecated parameter 'utf8' [ 135.269275][ T6814] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6816 ./strace-static-x86_64: Process 6816 attached [pid 6816] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6816] chdir("./578") = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6816] setpgid(0, 0) = 0 [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6816] write(3, "1000", 4) = 4 [pid 6816] close(3) = 0 [pid 6816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6816] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6816] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6817 attached , parent_tid=[6817], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6817 [pid 6817] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] <... futex resumed>) = 0 [pid 6817] memfd_create("syzkaller", 0 [pid 6816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6817] <... memfd_create resumed>) = 3 [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6817] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6817] munmap(0x7f2656609000, 131072) = 0 [pid 6817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6817] close(3) = 0 [pid 6817] mkdir("./file2", 0777) = 0 [pid 6817] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6817] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6817] chdir("./file2") = 0 [pid 6817] ioctl(4, LOOP_CLR_FD) = 0 [pid 6817] close(4) = 0 [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] <... openat resumed>) = 4 [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] <... openat resumed>) = 5 [pid 6816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] write(4, "\x00\x00", 2 [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] <... write resumed>) = 2 [pid 6816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6816] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6816] <... futex resumed>) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6817] <... mmap resumed>) = 0x20000000 [pid 6816] <... mmap resumed>) = 0x7f2656608000 [pid 6816] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... mprotect resumed>) = 0 [pid 6817] <... futex resumed>) = 0 [pid 6816] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6818 attached [pid 6817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... clone resumed>, parent_tid=[6818], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6818 [pid 6816] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6818] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6818] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6818] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6817] getdents64(-1, [pid 6816] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6817] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] exit_group(0 [pid 6817] <... futex resumed>) = ? [pid 6816] <... exit_group resumed>) = ? [pid 6817] +++ exited with 0 +++ [pid 6818] +++ exited with 0 +++ [pid 6816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6816, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./578/binderfs") = 0 umount2("./578/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./578/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6819 [ 135.361805][ T6817] loop0: detected capacity change from 0 to 256 [ 135.370110][ T6817] exfat: Deprecated parameter 'utf8' [ 135.379009][ T6817] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6819 attached [pid 6819] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6819] chdir("./579") = 0 [pid 6819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6819] setpgid(0, 0) = 0 [pid 6819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6819] write(3, "1000", 4) = 4 [pid 6819] close(3) = 0 [pid 6819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6819] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6819] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6820 attached , parent_tid=[6820], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6820 [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6820] memfd_create("syzkaller", 0) = 3 [pid 6820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6820] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6820] munmap(0x7f2656609000, 131072) = 0 [pid 6820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6820] close(3) = 0 [pid 6820] mkdir("./file2", 0777) = 0 [pid 6820] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6820] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6820] chdir("./file2") = 0 [pid 6820] ioctl(4, LOOP_CLR_FD) = 0 [pid 6820] close(4) = 0 [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... openat resumed>) = 4 [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6819] <... futex resumed>) = 0 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... openat resumed>) = 5 [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] write(4, "\x00\x00", 2) = 2 [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6819] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6819] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6821], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6821 [pid 6819] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6821 attached [pid 6821] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6821] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6821] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6821] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6821] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... futex resumed>) = 0 [pid 6820] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6820] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6819] exit_group(0) = ? [pid 6821] <... futex resumed>) = ? [pid 6821] +++ exited with 0 +++ [pid 6820] +++ exited with 0 +++ [pid 6819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6819, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./579/binderfs") = 0 umount2("./579/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./579/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6822 [ 135.452179][ T6820] loop0: detected capacity change from 0 to 256 [ 135.461557][ T6820] exfat: Deprecated parameter 'utf8' [ 135.469947][ T6820] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6822 attached [pid 6822] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6822] chdir("./580") = 0 [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6822] setpgid(0, 0) = 0 [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6822] write(3, "1000", 4) = 4 [pid 6822] close(3) = 0 [pid 6822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6822] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6822] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6823], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6823 [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6823 attached [pid 6823] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6823] memfd_create("syzkaller", 0) = 3 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6823] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6823] munmap(0x7f2656609000, 131072) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6823] close(3) = 0 [pid 6823] mkdir("./file2", 0777) = 0 [pid 6823] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6823] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6823] chdir("./file2") = 0 [pid 6823] ioctl(4, LOOP_CLR_FD) = 0 [pid 6823] close(4) = 0 [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] write(4, "\x00\x00", 2) = 2 [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6823] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6822] <... mmap resumed>) = 0x7f2656608000 [pid 6822] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6823] <... mmap resumed>) = 0x20000000 [pid 6822] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6824], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6824 [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6824 attached [pid 6824] set_robust_list(0x7f26566289e0, 24 [pid 6823] <... futex resumed>) = 0 [pid 6824] <... set_robust_list resumed>) = 0 [pid 6824] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6824] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6823] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6824] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6823] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6823] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] <... futex resumed>) = 0 [pid 6822] exit_group(0) = ? [pid 6823] <... futex resumed>) = ? [pid 6823] +++ exited with 0 +++ [pid 6824] <... futex resumed>) = ? [pid 6824] +++ exited with 0 +++ [pid 6822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6822, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./580/binderfs") = 0 umount2("./580/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./580/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.548714][ T6823] loop0: detected capacity change from 0 to 256 [ 135.556820][ T6823] exfat: Deprecated parameter 'utf8' [ 135.565861][ T6823] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) openat(AT_FDCWD, "./580/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6825 ./strace-static-x86_64: Process 6825 attached [pid 6825] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6825] chdir("./581") = 0 [pid 6825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6825] setpgid(0, 0) = 0 [pid 6825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6825] write(3, "1000", 4) = 4 [pid 6825] close(3) = 0 [pid 6825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6825] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6825] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6825] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6826], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6826 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6826 attached [pid 6826] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6826] memfd_create("syzkaller", 0) = 3 [pid 6826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6826] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6826] munmap(0x7f2656609000, 131072) = 0 [pid 6826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6826] close(3) = 0 [pid 6826] mkdir("./file2", 0777) = 0 [pid 6826] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6826] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6826] chdir("./file2") = 0 [pid 6826] ioctl(4, LOOP_CLR_FD) = 0 [pid 6826] close(4) = 0 [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] write(4, "\x00\x00", 2) = 2 [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6826] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6825] <... mmap resumed>) = 0x7f2656608000 [pid 6825] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6826] <... mmap resumed>) = 0x20000000 [pid 6825] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6827 attached [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... clone resumed>, parent_tid=[6827], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6827 [pid 6825] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6827] set_robust_list(0x7f26566289e0, 24 [pid 6826] <... futex resumed>) = 0 [pid 6827] <... set_robust_list resumed>) = 0 [pid 6826] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6827] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6827] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6827] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6826] getdents64(-1, [pid 6825] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6826] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6826] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] exit_group(0 [pid 6826] <... futex resumed>) = ? [pid 6825] <... exit_group resumed>) = ? [pid 6827] <... futex resumed>) = ? [pid 6826] +++ exited with 0 +++ [pid 6827] +++ exited with 0 +++ [pid 6825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6825, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./581/binderfs") = 0 [ 135.642595][ T6826] loop0: detected capacity change from 0 to 256 [ 135.643378][ T5080] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 135.650860][ T6826] exfat: Deprecated parameter 'utf8' [ 135.668430][ T6826] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./581/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./581/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6828 ./strace-static-x86_64: Process 6828 attached [pid 6828] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6828] chdir("./582") = 0 [pid 6828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6828] setpgid(0, 0) = 0 [pid 6828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6828] write(3, "1000", 4) = 4 [pid 6828] close(3) = 0 [pid 6828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6828] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6828] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6828] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6829], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6829 [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6829 attached [pid 6829] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6829] memfd_create("syzkaller", 0) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6829] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6829] munmap(0x7f2656609000, 131072) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] close(3) = 0 [pid 6829] mkdir("./file2", 0777) = 0 [pid 6829] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6829] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] chdir("./file2") = 0 [pid 6829] ioctl(4, LOOP_CLR_FD) = 0 [pid 6829] close(4) = 0 [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... futex resumed>) = 0 [pid 6829] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] write(4, "\x00\x00", 2) = 2 [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6829] <... mmap resumed>) = 0x20000000 [pid 6828] <... mmap resumed>) = 0x7f2656608000 [pid 6828] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] <... mprotect resumed>) = 0 [pid 6829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6830], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6830 [pid 6828] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6830 attached [pid 6830] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6830] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6830] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6830] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... futex resumed>) = 0 [pid 6828] <... futex resumed>) = 1 [pid 6829] getdents64(-1, [pid 6828] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6829] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6829] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] exit_group(0 [pid 6829] <... futex resumed>) = ? [pid 6828] <... exit_group resumed>) = ? [pid 6829] +++ exited with 0 +++ [pid 6830] +++ exited with 0 +++ [pid 6828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6828, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./582/binderfs") = 0 umount2("./582/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./582/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./582/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./582/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6831 [ 135.740954][ T6829] loop0: detected capacity change from 0 to 256 [ 135.749513][ T6829] exfat: Deprecated parameter 'utf8' [ 135.758854][ T6829] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6831 attached [pid 6831] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6831] chdir("./583") = 0 [pid 6831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6831] setpgid(0, 0) = 0 [pid 6831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6831] write(3, "1000", 4) = 4 [pid 6831] close(3) = 0 [pid 6831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6831] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6831] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6831] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6832 attached , parent_tid=[6832], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6832 [pid 6832] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6832] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6832] memfd_create("syzkaller", 0) = 3 [pid 6832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6832] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6832] munmap(0x7f2656609000, 131072) = 0 [pid 6832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6832] close(3) = 0 [pid 6832] mkdir("./file2", 0777) = 0 [pid 6832] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6832] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6832] chdir("./file2") = 0 [pid 6832] ioctl(4, LOOP_CLR_FD) = 0 [pid 6832] close(4) = 0 [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] write(4, "\x00\x00", 2) = 2 [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6831] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6831] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6833], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6833 [pid 6831] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 6833 attached ) = 0x20000000 [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6833] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6833] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6833] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6833] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] <... futex resumed>) = 0 [pid 6831] <... futex resumed>) = 1 [pid 6832] getdents64(-1, [pid 6831] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6832] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6831] <... futex resumed>) = 0 [pid 6831] exit_group(0 [pid 6832] <... futex resumed>) = ? [pid 6831] <... exit_group resumed>) = ? [pid 6832] +++ exited with 0 +++ [pid 6833] +++ exited with 0 +++ [pid 6831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6831, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./583/binderfs") = 0 umount2("./583/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./583/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./583/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./583/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 135.838964][ T6832] loop0: detected capacity change from 0 to 256 [ 135.847728][ T6832] exfat: Deprecated parameter 'utf8' [ 135.857290][ T6832] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6834 ./strace-static-x86_64: Process 6834 attached [pid 6834] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6834] chdir("./584") = 0 [pid 6834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6834] setpgid(0, 0) = 0 [pid 6834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6834] write(3, "1000", 4) = 4 [pid 6834] close(3) = 0 [pid 6834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6834] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6834] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6835 attached , parent_tid=[6835], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6835 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6835] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6835] memfd_create("syzkaller", 0) = 3 [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6835] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6835] munmap(0x7f2656609000, 131072) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6835] close(3) = 0 [pid 6835] mkdir("./file2", 0777) = 0 [pid 6835] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6835] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6835] chdir("./file2") = 0 [pid 6835] ioctl(4, LOOP_CLR_FD) = 0 [pid 6835] close(4) = 0 [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... openat resumed>) = 4 [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... openat resumed>) = 5 [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] write(4, "\x00\x00", 2) = 2 [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6834] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6834] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6836 attached , parent_tid=[6836], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6836 [pid 6836] set_robust_list(0x7f26566289e0, 24 [pid 6834] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... set_robust_list resumed>) = 0 [pid 6836] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6835] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... mmap resumed>) = 0x20000000 [pid 6836] <... openat resumed>) = 6 [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6836] <... futex resumed>) = 1 [pid 6835] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6836] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6835] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 6835] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6834] exit_group(0 [pid 6836] <... futex resumed>) = ? [pid 6834] <... exit_group resumed>) = ? [pid 6836] +++ exited with 0 +++ [pid 6835] +++ exited with 0 +++ [pid 6834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6834, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./584/binderfs") = 0 umount2("./584/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./584/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 135.934603][ T6835] loop0: detected capacity change from 0 to 256 [ 135.943721][ T6835] exfat: Deprecated parameter 'utf8' [ 135.953095][ T6835] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6837 ./strace-static-x86_64: Process 6837 attached [pid 6837] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6837] chdir("./585") = 0 [pid 6837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6837] setpgid(0, 0) = 0 [pid 6837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6837] write(3, "1000", 4) = 4 [pid 6837] close(3) = 0 [pid 6837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6837] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6837] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6838 attached [pid 6838] set_robust_list(0x7f265ea299e0, 24 [pid 6837] <... clone resumed>, parent_tid=[6838], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6838 [pid 6838] <... set_robust_list resumed>) = 0 [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6838] memfd_create("syzkaller", 0) = 3 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6838] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6838] munmap(0x7f2656609000, 131072) = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6838] close(3) = 0 [pid 6838] mkdir("./file2", 0777) = 0 [pid 6838] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6838] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6838] chdir("./file2") = 0 [pid 6838] ioctl(4, LOOP_CLR_FD) = 0 [pid 6838] close(4) = 0 [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... openat resumed>) = 4 [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6838] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... openat resumed>) = 5 [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6838] write(4, "\x00\x00", 2 [pid 6837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... write resumed>) = 2 [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2656608000 [pid 6837] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6838] <... mmap resumed>) = 0x20000000 [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... mprotect resumed>) = 0 [pid 6837] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6839 attached , parent_tid=[6839], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6839 [pid 6839] set_robust_list(0x7f26566289e0, 24 [pid 6837] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... set_robust_list resumed>) = 0 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6839] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6839] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6839] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6838] <... futex resumed>) = 0 [pid 6838] getdents64(-1, [pid 6837] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6838] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] exit_group(0) = ? [pid 6838] <... futex resumed>) = ? [pid 6838] +++ exited with 0 +++ [pid 6839] <... futex resumed>) = ? [pid 6839] +++ exited with 0 +++ [pid 6837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6837, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./585/binderfs") = 0 umount2("./585/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 136.035901][ T6838] loop0: detected capacity change from 0 to 256 [ 136.043909][ T6838] exfat: Deprecated parameter 'utf8' [ 136.053331][ T6838] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./585/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./585/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6840 ./strace-static-x86_64: Process 6840 attached [pid 6840] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6840] chdir("./586") = 0 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6840] setpgid(0, 0) = 0 [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6840] write(3, "1000", 4) = 4 [pid 6840] close(3) = 0 [pid 6840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6840] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6841], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6841 [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6841 attached [pid 6841] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6841] memfd_create("syzkaller", 0) = 3 [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6841] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6841] munmap(0x7f2656609000, 131072) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6841] close(3) = 0 [pid 6841] mkdir("./file2", 0777) = 0 [pid 6841] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6841] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6841] chdir("./file2") = 0 [pid 6841] ioctl(4, LOOP_CLR_FD) = 0 [pid 6841] close(4) = 0 [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... openat resumed>) = 4 [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] <... openat resumed>) = 5 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = 0 [pid 6840] <... futex resumed>) = 1 [pid 6841] write(4, "\x00\x00", 2 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... write resumed>) = 2 [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... mmap resumed>) = 0x20000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... mmap resumed>) = 0x7f2656608000 [pid 6840] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6842], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6842 [pid 6840] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6842 attached ) = 0 [pid 6842] set_robust_list(0x7f26566289e0, 24 [pid 6840] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... set_robust_list resumed>) = 0 [pid 6842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6842] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6842] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6842] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 0 [pid 6841] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6841] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] exit_group(0 [pid 6841] <... futex resumed>) = ? [pid 6840] <... exit_group resumed>) = ? [pid 6841] +++ exited with 0 +++ [pid 6842] <... futex resumed>) = ? [pid 6842] +++ exited with 0 +++ [pid 6840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6840, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./586/binderfs") = 0 umount2("./586/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./586/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3a6d0) = 6843 ./strace-static-x86_64: Process 6843 attached [pid 6843] set_robust_list(0x555556b3a6e0, 24) = 0 [pid 6843] chdir("./587") = 0 [pid 6843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6843] setpgid(0, 0) = 0 [pid 6843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6843] write(3, "1000", 4) = 4 [pid 6843] close(3) = 0 [pid 6843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6843] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f265ea09000 [pid 6843] mprotect(0x7f265ea0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6843] clone(child_stack=0x7f265ea292f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6844], tls=0x7f265ea29700, child_tidptr=0x7f265ea299d0) = 6844 [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6844 attached [pid 6844] set_robust_list(0x7f265ea299e0, 24) = 0 [pid 6844] memfd_create("syzkaller", 0) = 3 [pid 6844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2656609000 [pid 6844] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6844] munmap(0x7f2656609000, 131072) = 0 [ 136.139906][ T6841] loop0: detected capacity change from 0 to 256 [ 136.147709][ T6841] exfat: Deprecated parameter 'utf8' [ 136.157338][ T6841] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 6844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6844] close(3) = 0 [pid 6844] mkdir("./file2", 0777) = 0 [pid 6844] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 6844] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6844] chdir("./file2") = 0 [pid 6844] ioctl(4, LOOP_CLR_FD) = 0 [pid 6844] close(4) = 0 [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] <... futex resumed>) = 0 [pid 6844] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... openat resumed>) = 4 [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... openat resumed>) = 5 [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] write(4, "\x00\x00", 2 [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... write resumed>) = 2 [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6844] <... futex resumed>) = 0 [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6844] <... mmap resumed>) = 0x20000000 [pid 6843] <... mmap resumed>) = 0x7f2656608000 [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] mprotect(0x7f2656609000, 131072, PROT_READ|PROT_WRITE [pid 6844] <... futex resumed>) = 0 [pid 6844] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... mprotect resumed>) = 0 [pid 6843] clone(child_stack=0x7f26566282f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6845 attached [pid 6845] set_robust_list(0x7f26566289e0, 24) = 0 [pid 6843] <... clone resumed>, parent_tid=[6845], tls=0x7f2656628700, child_tidptr=0x7f26566289d0) = 6845 [pid 6845] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] futex(0x7f265eb037b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6843] <... futex resumed>) = 0 [pid 6845] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 6843] futex(0x7f265eb037bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6845] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 6845] futex(0x7f265eb037bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] <... futex resumed>) = 0 [pid 6845] <... futex resumed>) = 1 [pid 6843] futex(0x7f265eb037a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] futex(0x7f265eb037b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6844] getdents64(-1, [pid 6843] futex(0x7f265eb037ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 6844] futex(0x7f265eb037ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] futex(0x7f265eb037a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] exit_group(0 [pid 6845] <... futex resumed>) = ? [pid 6844] <... futex resumed>) = ? [pid 6843] <... exit_group resumed>) = ? [pid 6844] +++ exited with 0 +++ [pid 6845] +++ exited with 0 +++ [pid 6843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6843, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b3b720 /* 4 entries */, 32768) = 112 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./587/binderfs") = 0 umount2("./587/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./587/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b43760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b43760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/file2") = 0 getdents64(3, 0x555556b3b720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3