./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1813441319 <...> Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. execve("./syz-executor1813441319", ["./syz-executor1813441319"], 0x7ffcf95f7af0 /* 10 vars */) = 0 brk(NULL) = 0x555555e36000 brk(0x555555e36d40) = 0x555555e36d40 arch_prctl(ARCH_SET_FS, 0x555555e36400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555e366d0) = 4997 set_robust_list(0x555555e366e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8049747c40, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8049747190}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8049747ce0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8049747190}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1813441319", 4096) = 28 brk(0x555555e57d40) = 0x555555e57d40 brk(0x555555e58000) = 0x555555e58000 mprotect(0x7f804980a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f8049741030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f8049747190}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f8049741030, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f8049747190}, NULL, 8) = 0 getpid() = 4997 mkdir("./syzkaller.9J3B60", 0700) = 0 chmod("./syzkaller.9J3B60", 0777) = 0 chdir("./syzkaller.9J3B60") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] set_robust_list(0x555555e366e0, 24) = 0 [pid 4998] chdir("./0") = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 4998] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4998] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5000], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5000 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5000 attached [pid 5000] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5000] memfd_create("syzkaller", 0) = 3 [pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5000] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5000] munmap(0x7f8041316000, 131072) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5000] close(3) = 0 [pid 5000] mkdir("./file2", 0777) = 0 [pid 5000] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5000] chdir("./file2") = 0 [pid 5000] ioctl(4, LOOP_CLR_FD) = 0 [pid 5000] close(4) = 0 [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... futex resumed>) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] write(4, "\x00\x00", 2) = 2 [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5000] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 4998] <... mmap resumed>) = 0x7f8041315000 [pid 4998] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4998] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5001], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5000] <... mmap resumed>) = 0x20000000 [pid 4998] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] set_robust_list(0x7f80413359e0, 24 [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... set_robust_list resumed>) = 0 [pid 5001] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5001] openat(AT_FDCWD, "", O_RDONLY [pid 5000] <... futex resumed>) = 0 [pid 5001] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5001] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] getdents64(-1, [pid 4998] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] <... futex resumed>) = 1 [pid 5001] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5000] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5000] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] exit_group(0) = ? [pid 5000] +++ exited with 0 +++ [pid 5001] <... futex resumed>) = ? [pid 5001] +++ exited with 0 +++ [pid 4998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) syzkaller login: [ 44.344494][ T5000] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5000 'syz-executor181' [ 44.360361][ T5000] loop0: detected capacity change from 0 to 256 [ 44.369524][ T5000] exfat: Deprecated parameter 'utf8' [ 44.380078][ T5000] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5002 ./strace-static-x86_64: Process 5002 attached [pid 5002] set_robust_list(0x555555e366e0, 24) = 0 [pid 5002] chdir("./1") = 0 [pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] setpgid(0, 0) = 0 [pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5002] write(3, "1000", 4) = 4 [pid 5002] close(3) = 0 [pid 5002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5002] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5002] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5003 attached , parent_tid=[5003], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5003 [pid 5003] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] memfd_create("syzkaller", 0) = 3 [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5003] <... mmap resumed>) = 0x7f8041316000 [pid 5003] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5003] munmap(0x7f8041316000, 131072) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5003] close(3) = 0 [pid 5003] mkdir("./file2", 0777) = 0 [pid 5003] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5003] chdir("./file2") = 0 [pid 5003] ioctl(4, LOOP_CLR_FD) = 0 [pid 5003] close(4) = 0 [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] write(4, "\x00\x00", 2) = 2 [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5002] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5002] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5004], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5004 [pid 5002] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5004] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5003] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] <... openat resumed>) = 6 [pid 5004] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... futex resumed>) = 1 [pid 5004] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5003] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] exit_group(0) = ? [pid 5004] <... futex resumed>) = ? [pid 5004] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ [pid 5002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 44.485901][ T5003] loop0: detected capacity change from 0 to 256 [ 44.494671][ T5003] exfat: Deprecated parameter 'utf8' [ 44.504153][ T5003] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5005 ./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x555555e366e0, 24) = 0 [pid 5005] chdir("./2") = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5005] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5005] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5006 attached , parent_tid=[5006], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5006 [pid 5006] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5006] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5006] <... futex resumed>) = 0 [pid 5006] memfd_create("syzkaller", 0) = 3 [pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5005] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5006] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5006] munmap(0x7f8041316000, 131072) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5006] close(3) = 0 [pid 5006] mkdir("./file2", 0777) = 0 [pid 5006] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] chdir("./file2") = 0 [pid 5006] ioctl(4, LOOP_CLR_FD) = 0 [pid 5006] close(4) = 0 [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5005] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... openat resumed>) = 5 [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] write(4, "\x00\x00", 2) = 2 [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5005] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5007], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5007 [pid 5005] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5007 attached ) = 0x20000000 [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5007] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5007] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [pid 5006] getdents64(-1, [pid 5005] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5006] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5006] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] exit_group(0 [pid 5006] <... futex resumed>) = ? [pid 5005] <... exit_group resumed>) = ? [pid 5006] +++ exited with 0 +++ [pid 5007] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 44.599735][ T5006] loop0: detected capacity change from 0 to 256 [ 44.609433][ T5006] exfat: Deprecated parameter 'utf8' [ 44.618426][ T5006] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5008 ./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x555555e366e0, 24) = 0 [pid 5008] chdir("./3") = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5008] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5008] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5009 attached , parent_tid=[5009], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5009 [pid 5009] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5009] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5009] memfd_create("syzkaller", 0) = 3 [pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5009] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5009] munmap(0x7f8041316000, 131072) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5009] close(3) = 0 [pid 5009] mkdir("./file2", 0777) = 0 [pid 5009] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5009] chdir("./file2") = 0 [pid 5009] ioctl(4, LOOP_CLR_FD) = 0 [pid 5009] close(4) = 0 [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] write(4, "\x00\x00", 2) = 2 [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5008] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5010], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5010 ./strace-static-x86_64: Process 5010 attached [pid 5008] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5010] set_robust_list(0x7f80413359e0, 24 [pid 5009] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5010] <... set_robust_list resumed>) = 0 [pid 5009] <... mmap resumed>) = 0x20000000 [pid 5010] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5010] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 0 [pid 5009] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5009] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] exit_group(0) = ? [pid 5009] <... futex resumed>) = ? [pid 5009] +++ exited with 0 +++ [pid 5010] <... futex resumed>) = ? [pid 5010] +++ exited with 0 +++ [pid 5008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5011 ./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x555555e366e0, 24) = 0 [pid 5011] chdir("./4") = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5011] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5011] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5012], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5012 [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5012] memfd_create("syzkaller", 0) = 3 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5012] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5012] munmap(0x7f8041316000, 131072) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 44.690736][ T5009] loop0: detected capacity change from 0 to 256 [ 44.699423][ T5009] exfat: Deprecated parameter 'utf8' [ 44.708541][ T5009] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5012] close(3) = 0 [pid 5012] mkdir("./file2", 0777) = 0 [pid 5012] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5012] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5012] chdir("./file2") = 0 [pid 5012] ioctl(4, LOOP_CLR_FD) = 0 [pid 5012] close(4) = 0 [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5012] write(4, "\x00\x00", 2 [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... write resumed>) = 2 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... mmap resumed>) = 0x20000000 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5011] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5013], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5013 ./strace-static-x86_64: Process 5013 attached [pid 5011] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5013] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5013] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5013] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = 1 [pid 5012] getdents64(-1, [pid 5011] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5012] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] exit_group(0 [pid 5013] <... futex resumed>) = ? [pid 5012] <... futex resumed>) = ? [pid 5011] <... exit_group resumed>) = ? [pid 5013] +++ exited with 0 +++ [pid 5012] +++ exited with 0 +++ [pid 5011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x555555e366e0, 24) = 0 [pid 5014] chdir("./5") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5014] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5015], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5015 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5015] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5015] munmap(0x7f8041316000, 131072) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 44.762127][ T5012] loop0: detected capacity change from 0 to 256 [ 44.770242][ T5012] exfat: Deprecated parameter 'utf8' [ 44.779753][ T5012] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file2", 0777) = 0 [pid 5015] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5015] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./file2") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] write(4, "\x00\x00", 2) = 2 [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] <... mmap resumed>) = 0x20000000 [pid 5014] <... mmap resumed>) = 0x7f8041315000 [pid 5014] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... mprotect resumed>) = 0 [pid 5014] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5015] <... futex resumed>) = 0 [pid 5014] <... clone resumed>, parent_tid=[5016], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5016 [pid 5014] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5016 attached [pid 5016] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5016] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5016] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5016] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... futex resumed>) = 0 [pid 5015] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5015] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] exit_group(0) = ? [pid 5016] <... futex resumed>) = ? [pid 5015] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 44.838924][ T5015] loop0: detected capacity change from 0 to 256 [ 44.847170][ T5015] exfat: Deprecated parameter 'utf8' [ 44.856989][ T5015] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5017 ./strace-static-x86_64: Process 5017 attached [pid 5017] set_robust_list(0x555555e366e0, 24) = 0 [pid 5017] chdir("./6") = 0 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5017] setpgid(0, 0) = 0 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5017] write(3, "1000", 4) = 4 [pid 5017] close(3) = 0 [pid 5017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5017] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5017] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5017] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5018 attached , parent_tid=[5018], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5018 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] set_robust_list(0x7f80497369e0, 24 [pid 5017] <... futex resumed>) = 0 [pid 5018] <... set_robust_list resumed>) = 0 [pid 5017] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5018] memfd_create("syzkaller", 0) = 3 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5018] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5018] munmap(0x7f8041316000, 131072) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5018] close(3) = 0 [pid 5018] mkdir("./file2", 0777) = 0 [pid 5018] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5018] chdir("./file2") = 0 [pid 5018] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(4) = 0 [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... openat resumed>) = 4 [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] write(4, "\x00\x00", 2) = 2 [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5017] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5017] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5019], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5019 [pid 5017] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5019 attached [pid 5019] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5018] <... mmap resumed>) = 0x20000000 [pid 5019] <... openat resumed>) = 6 [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... futex resumed>) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] <... futex resumed>) = 0 [pid 5018] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5018] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] <... futex resumed>) = 0 [pid 5017] exit_group(0) = ? [pid 5019] <... futex resumed>) = ? [pid 5018] <... futex resumed>) = ? [pid 5018] +++ exited with 0 +++ [pid 5019] +++ exited with 0 +++ [pid 5017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 44.957146][ T5018] loop0: detected capacity change from 0 to 256 [ 44.966282][ T5018] exfat: Deprecated parameter 'utf8' [ 44.975288][ T5018] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5020 attached , child_tidptr=0x555555e366d0) = 5020 [pid 5020] set_robust_list(0x555555e366e0, 24) = 0 [pid 5020] chdir("./7") = 0 [pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5020] setpgid(0, 0) = 0 [pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5020] write(3, "1000", 4) = 4 [pid 5020] close(3) = 0 [pid 5020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5020] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5020] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5020] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5021] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] <... clone resumed>, parent_tid=[5021], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5021 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5021] memfd_create("syzkaller", 0) = 3 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5021] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5021] munmap(0x7f8041316000, 131072) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5021] close(3) = 0 [pid 5021] mkdir("./file2", 0777) = 0 [pid 5021] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5021] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5021] chdir("./file2") = 0 [pid 5021] ioctl(4, LOOP_CLR_FD) = 0 [pid 5021] close(4) = 0 [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] write(4, "\x00\x00", 2) = 2 [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5021] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5020] <... mmap resumed>) = 0x7f8041315000 [pid 5020] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5020] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5022], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5022 ./strace-static-x86_64: Process 5022 attached [pid 5021] <... mmap resumed>) = 0x20000000 [pid 5020] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] set_robust_list(0x7f80413359e0, 24 [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... set_robust_list resumed>) = 0 [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5021] <... futex resumed>) = 0 [pid 5022] openat(AT_FDCWD, "", O_RDONLY [pid 5021] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5022] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... futex resumed>) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5022] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5021] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5021] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] exit_group(0) = ? [pid 5021] <... futex resumed>) = ? [pid 5021] +++ exited with 0 +++ [pid 5022] <... futex resumed>) = ? [pid 5022] +++ exited with 0 +++ [pid 5020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x555555e366e0, 24) = 0 [pid 5023] chdir("./8") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5023] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5024], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5024 [pid 5023] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5024 attached ) = 0 [pid 5023] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5024] set_robust_list(0x7f80497369e0, 24) = 0 [ 45.073887][ T5021] loop0: detected capacity change from 0 to 256 [ 45.082342][ T5021] exfat: Deprecated parameter 'utf8' [ 45.092088][ T5021] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5024] memfd_create("syzkaller", 0) = 3 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5024] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5024] munmap(0x7f8041316000, 131072) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5024] close(3) = 0 [pid 5024] mkdir("./file2", 0777) = 0 [pid 5024] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5024] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5024] chdir("./file2") = 0 [pid 5024] ioctl(4, LOOP_CLR_FD) = 0 [pid 5024] close(4) = 0 [pid 5024] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5024] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 0 [pid 5024] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5024] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5024] <... futex resumed>) = 1 [pid 5023] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5024] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] write(4, "\x00\x00", 2) = 2 [pid 5024] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5023] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5025], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5025 [pid 5023] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5024] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5025] <... openat resumed>) = 6 [pid 5025] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... mmap resumed>) = 0x20000000 [pid 5025] <... futex resumed>) = 1 [pid 5025] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5024] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] exit_group(0) = ? [pid 5025] <... futex resumed>) = ? [pid 5025] +++ exited with 0 +++ [pid 5024] <... futex resumed>) = ? [pid 5024] +++ exited with 0 +++ [pid 5023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5026 ./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x555555e366e0, 24) = 0 [pid 5026] chdir("./9") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5026] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [ 45.158323][ T5024] loop0: detected capacity change from 0 to 256 [ 45.167197][ T5024] exfat: Deprecated parameter 'utf8' [ 45.176375][ T5024] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5026] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5027] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... clone resumed>, parent_tid=[5027], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5027 [pid 5026] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] memfd_create("syzkaller", 0 [pid 5026] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5027] <... memfd_create resumed>) = 3 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5027] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5027] munmap(0x7f8041316000, 131072) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5027] close(3) = 0 [pid 5027] mkdir("./file2", 0777) = 0 [pid 5027] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5027] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5027] chdir("./file2") = 0 [pid 5027] ioctl(4, LOOP_CLR_FD) = 0 [pid 5027] close(4) = 0 [pid 5027] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [pid 5026] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5026] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... openat resumed>) = 4 [pid 5027] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5027] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] write(4, "\x00\x00", 2) = 2 [pid 5027] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5026] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5028], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5028 [pid 5026] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5028] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5027] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5028] <... openat resumed>) = 6 [pid 5028] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... futex resumed>) = 1 [pid 5027] <... mmap resumed>) = 0x20000000 [pid 5028] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5028] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 1 [pid 5028] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] exit_group(0 [pid 5028] <... futex resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5028] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5029 ./strace-static-x86_64: Process 5029 attached [pid 5029] set_robust_list(0x555555e366e0, 24) = 0 [pid 5029] chdir("./10") = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5029] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5029] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5030], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5030 [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5030] memfd_create("syzkaller", 0) = 3 [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5030] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5030] munmap(0x7f8041316000, 131072) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 45.245785][ T5027] loop0: detected capacity change from 0 to 256 [ 45.254037][ T5027] exfat: Deprecated parameter 'utf8' [ 45.263559][ T5027] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5030] close(3) = 0 [pid 5030] mkdir("./file2", 0777) = 0 [pid 5030] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5030] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5030] chdir("./file2") = 0 [pid 5030] ioctl(4, LOOP_CLR_FD) = 0 [pid 5030] close(4) = 0 [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 0 [pid 5030] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 1 [pid 5030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5030] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 0 [pid 5030] write(4, "\x00\x00", 2) = 2 [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5029] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5029] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5031], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5031 ./strace-static-x86_64: Process 5031 attached [pid 5030] <... mmap resumed>) = 0x20000000 [pid 5029] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] set_robust_list(0x7f80413359e0, 24 [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... set_robust_list resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5031] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5031] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... futex resumed>) = 0 [pid 5030] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5030] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5029] exit_group(0) = ? [pid 5030] +++ exited with 0 +++ [pid 5031] <... futex resumed>) = ? [pid 5031] +++ exited with 0 +++ [pid 5029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5032 attached [ 45.319384][ T5030] loop0: detected capacity change from 0 to 256 [ 45.328289][ T5030] exfat: Deprecated parameter 'utf8' [ 45.337167][ T5030] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) , child_tidptr=0x555555e366d0) = 5032 [pid 5032] set_robust_list(0x555555e366e0, 24) = 0 [pid 5032] chdir("./11") = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5032] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5032] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5033 attached , parent_tid=[5033], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5033 [pid 5033] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5033] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] memfd_create("syzkaller", 0 [pid 5032] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5033] <... memfd_create resumed>) = 3 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5033] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5033] munmap(0x7f8041316000, 131072) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5033] close(3) = 0 [pid 5033] mkdir("./file2", 0777) = 0 [pid 5033] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5033] chdir("./file2") = 0 [pid 5033] ioctl(4, LOOP_CLR_FD) = 0 [pid 5033] close(4) = 0 [pid 5033] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5033] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5033] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] write(4, "\x00\x00", 2) = 2 [pid 5033] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5032] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5033] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5032] <... clone resumed>, parent_tid=[5034], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5034 [pid 5032] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5034] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5033] <... mmap resumed>) = 0x20000000 [pid 5034] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5034] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5034] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0) = ? [pid 5034] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5033] <... futex resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 45.421752][ T5033] loop0: detected capacity change from 0 to 256 [ 45.430136][ T5033] exfat: Deprecated parameter 'utf8' [ 45.439424][ T5033] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5035 ./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x555555e366e0, 24) = 0 [pid 5035] chdir("./12") = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5035] setpgid(0, 0) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5035] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5035] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5036] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... clone resumed>, parent_tid=[5036], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5036 [pid 5035] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5035] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5036] memfd_create("syzkaller", 0) = 3 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5036] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5036] munmap(0x7f8041316000, 131072) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5036] close(3) = 0 [pid 5036] mkdir("./file2", 0777) = 0 [pid 5036] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5036] chdir("./file2") = 0 [pid 5036] ioctl(4, LOOP_CLR_FD) = 0 [pid 5036] close(4) = 0 [pid 5036] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = 1 [pid 5035] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5035] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... openat resumed>) = 4 [pid 5036] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5036] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] write(4, "\x00\x00", 2) = 2 [pid 5036] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5035] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5037], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5037 [pid 5035] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5037] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5036] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5037] <... openat resumed>) = 6 [pid 5037] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 1 [pid 5037] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5037] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5037] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... mmap resumed>) = 0x20000000 [pid 5036] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] exit_group(0 [pid 5037] <... futex resumed>) = ? [pid 5035] <... exit_group resumed>) = ? [pid 5037] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5038 ./strace-static-x86_64: Process 5038 attached [pid 5038] set_robust_list(0x555555e366e0, 24) = 0 [pid 5038] chdir("./13") = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5038] write(3, "1000", 4) = 4 [ 45.527843][ T5036] loop0: detected capacity change from 0 to 256 [ 45.536054][ T5036] exfat: Deprecated parameter 'utf8' [ 45.545626][ T5036] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5038] close(3) = 0 [pid 5038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5038] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5038] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5038] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5039] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... clone resumed>, parent_tid=[5039], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5039 [pid 5038] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5039] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5039] munmap(0x7f8041316000, 131072) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file2", 0777) = 0 [pid 5039] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5039] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./file2") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5038] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... openat resumed>) = 4 [pid 5039] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5039] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] write(4, "\x00\x00", 2) = 2 [pid 5039] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5038] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5038] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5040], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5040 [pid 5038] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5040 attached [pid 5040] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5040] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5040] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = 1 [pid 5039] <... mmap resumed>) = 0x20000000 [pid 5040] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5040] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] exit_group(0) = ? [pid 5040] <... futex resumed>) = ? [pid 5039] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x555555e366e0, 24) = 0 [pid 5041] chdir("./14") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [ 45.618143][ T5039] loop0: detected capacity change from 0 to 256 [ 45.625907][ T5039] exfat: Deprecated parameter 'utf8' [ 45.633964][ T5039] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5041] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5041] <... clone resumed>, parent_tid=[5042], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5042 [pid 5042] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5041] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5042] munmap(0x7f8041316000, 131072) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file2", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file2") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5041] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... openat resumed>) = 4 [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5041] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... openat resumed>) = 5 [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] write(4, "\x00\x00", 2) = 2 [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5041] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5043 attached , parent_tid=[5043], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5043 [pid 5043] set_robust_list(0x7f80413359e0, 24 [pid 5041] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5041] <... futex resumed>) = 0 [pid 5043] openat(AT_FDCWD, "", O_RDONLY [pid 5041] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... mmap resumed>) = 0x20000000 [pid 5043] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5043] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5042] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] exit_group(0) = ? [pid 5042] <... futex resumed>) = ? [pid 5043] <... futex resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5044 ./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x555555e366e0, 24) = 0 [pid 5044] chdir("./15") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 45.707107][ T5042] loop0: detected capacity change from 0 to 256 [ 45.716432][ T5042] exfat: Deprecated parameter 'utf8' [ 45.725344][ T5042] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5044] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5045] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... clone resumed>, parent_tid=[5045], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5045 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5045] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5045] munmap(0x7f8041316000, 131072) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file2", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] write(4, "\x00\x00", 2) = 2 [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5044] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5045] <... futex resumed>) = 1 [pid 5045] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5044] <... clone resumed>, parent_tid=[5046], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5046 [pid 5044] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5046 attached ) = 0 [pid 5044] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] set_robust_list(0x7f80413359e0, 24 [pid 5045] <... mmap resumed>) = 0x20000000 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5046] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5046] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 1 [pid 5046] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... futex resumed>) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5045] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5044] exit_group(0) = ? [pid 5046] <... futex resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x555555e366e0, 24) = 0 [pid 5047] chdir("./16") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [ 45.795879][ T5045] loop0: detected capacity change from 0 to 256 [ 45.804689][ T5045] exfat: Deprecated parameter 'utf8' [ 45.813702][ T5045] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5047 [pid 5047] <... mmap resumed>) = 0x7f8049716000 [pid 5047] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5048], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5048 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5048] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5048] munmap(0x7f8041316000, 131072) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file2", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file2") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... openat resumed>) = 4 [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... openat resumed>) = 5 [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] write(4, "\x00\x00", 2 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... write resumed>) = 2 [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5047] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5049], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5049 ./strace-static-x86_64: Process 5049 attached [pid 5048] <... mmap resumed>) = 0x20000000 [pid 5047] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5049] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5049] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5049] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 1 [pid 5048] <... futex resumed>) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] getdents64(-1, [pid 5047] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5049] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] exit_group(0) = ? [pid 5048] <... futex resumed>) = ? [pid 5049] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555555e366e0, 24) = 0 [pid 5050] chdir("./17") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5050] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5051], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5051 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5051] memfd_create("syzkaller", 0) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5051] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5051] munmap(0x7f8041316000, 131072) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 45.884046][ T5048] loop0: detected capacity change from 0 to 256 [ 45.892258][ T5048] exfat: Deprecated parameter 'utf8' [ 45.901419][ T5048] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file2", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5051] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./file2") = 0 [pid 5051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(4, "\x00\x00", 2) = 2 [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5050] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5051] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5050] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5052], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5052 [pid 5050] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... mmap resumed>) = 0x20000000 [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5052] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5052] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5052] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... futex resumed>) = 0 [pid 5051] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5051] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5050] exit_group(0) = ? [pid 5051] +++ exited with 0 +++ [pid 5052] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555555e366d0) = 5053 [pid 5053] set_robust_list(0x555555e366e0, 24) = 0 [pid 5053] chdir("./18") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5053] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5054], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5054 [pid 5053] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5054 attached [pid 5053] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] set_robust_list(0x7f80497369e0, 24) = 0 [ 45.957557][ T5051] loop0: detected capacity change from 0 to 256 [ 45.966323][ T5051] exfat: Deprecated parameter 'utf8' [ 45.975652][ T5051] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5054] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5054] munmap(0x7f8041316000, 131072) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./file2", 0777) = 0 [pid 5054] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5054] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./file2") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5053] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... openat resumed>) = 4 [pid 5054] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5054] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] write(4, "\x00\x00", 2) = 2 [pid 5054] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5053] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5054] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5053] <... clone resumed>, parent_tid=[5055], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5053] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] set_robust_list(0x7f80413359e0, 24 [pid 5053] <... futex resumed>) = 0 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5055] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5053] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... mmap resumed>) = 0x20000000 [pid 5055] <... openat resumed>) = 6 [pid 5055] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5055] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] exit_group(0 [pid 5054] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5055] <... futex resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x555555e366e0, 24) = 0 [pid 5056] chdir("./19") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5056] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5057], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5057 [pid 5056] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5057] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5057] munmap(0x7f8041316000, 131072) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 46.043605][ T5054] loop0: detected capacity change from 0 to 256 [ 46.052185][ T5054] exfat: Deprecated parameter 'utf8' [ 46.061306][ T5054] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./file2", 0777) = 0 [pid 5057] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5057] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./file2") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5057] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5057] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] write(4, "\x00\x00", 2) = 2 [pid 5057] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5056] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5057] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5056] <... mprotect resumed>) = 0 [pid 5056] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5058], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5057] <... mmap resumed>) = 0x20000000 [pid 5056] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5058] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5058] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5058] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 1 [pid 5058] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5058] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = 1 [pid 5058] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] exit_group(0) = ? [pid 5058] <... futex resumed>) = ? [pid 5058] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 46.116886][ T5057] loop0: detected capacity change from 0 to 256 [ 46.125023][ T5057] exfat: Deprecated parameter 'utf8' [ 46.134381][ T5057] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached , child_tidptr=0x555555e366d0) = 5059 [pid 5059] set_robust_list(0x555555e366e0, 24) = 0 [pid 5059] chdir("./20") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5059] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5060], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5060 [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5060] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5060] munmap(0x7f8041316000, 131072) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file2", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5060] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file2") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... openat resumed>) = 5 [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] write(4, "\x00\x00", 2) = 2 [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5060] <... mmap resumed>) = 0x20000000 [pid 5059] <... mmap resumed>) = 0x7f8041315000 [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5060] <... futex resumed>) = 0 [pid 5059] <... mprotect resumed>) = 0 [pid 5059] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5060] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... clone resumed>, parent_tid=[5061], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5061 [pid 5059] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5061] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5061] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5061] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5060] getdents64(-1, [pid 5059] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5060] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] exit_group(0 [pid 5061] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5060] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 46.197961][ T5060] loop0: detected capacity change from 0 to 256 [ 46.205857][ T5060] exfat: Deprecated parameter 'utf8' [ 46.215073][ T5060] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x555555e366e0, 24) = 0 [pid 5062] chdir("./21") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5062] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5063 attached , parent_tid=[5063], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5063 [pid 5063] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5063] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5062] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5063] munmap(0x7f8041316000, 131072) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file2", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file2") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] write(4, "\x00\x00", 2) = 2 [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5062] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5064], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5064 [pid 5062] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5064] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5064] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 0 [pid 5063] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5063] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ [pid 5064] <... futex resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555555e366e0, 24) = 0 [pid 5065] chdir("./22") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5065] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5065] <... clone resumed>, parent_tid=[5066], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5066 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] memfd_create("syzkaller", 0 [pid 5065] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... memfd_create resumed>) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5066] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5066] munmap(0x7f8041316000, 131072) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 46.321335][ T5063] loop0: detected capacity change from 0 to 256 [ 46.330197][ T5063] exfat: Deprecated parameter 'utf8' [ 46.339904][ T5063] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file2", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file2") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] write(4, "\x00\x00", 2) = 2 [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5065] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5067], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5067 [pid 5065] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5065] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5067 attached [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5067] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5067] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5067] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5066] getdents64(-1, [pid 5065] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5066] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] exit_group(0 [pid 5066] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5066] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x555555e366e0, 24) = 0 [ 46.401479][ T5066] loop0: detected capacity change from 0 to 256 [ 46.410309][ T5066] exfat: Deprecated parameter 'utf8' [ 46.419383][ T5066] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5068 [pid 5068] chdir("./23") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5068] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5069], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5069 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5069] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5069] munmap(0x7f8041316000, 131072) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file2", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file2") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 0 [pid 5069] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5069] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] write(4, "\x00\x00", 2) = 2 [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5069] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5068] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5069] <... mmap resumed>) = 0x20000000 [pid 5068] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5070] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5070] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5069] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] exit_group(0) = ? [pid 5070] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5071 ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x555555e366e0, 24) = 0 [ 46.490637][ T5069] loop0: detected capacity change from 0 to 256 [ 46.499230][ T5069] exfat: Deprecated parameter 'utf8' [ 46.508605][ T5069] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5071] chdir("./24") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5071] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f80497369e0, 24 [pid 5071] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] <... memfd_create resumed>) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5072] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5072] munmap(0x7f8041316000, 131072) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file2", 0777) = 0 [pid 5072] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5072] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file2") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [pid 5072] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5072] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5072] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] write(4, "\x00\x00", 2) = 2 [pid 5072] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5071] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5073 [pid 5071] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5072] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5073] <... openat resumed>) = 6 [pid 5073] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5072] <... mmap resumed>) = 0x20000000 [pid 5073] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5073] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5073] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] <... futex resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555555e366e0, 24) = 0 [pid 5074] chdir("./25") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 46.592176][ T5072] loop0: detected capacity change from 0 to 256 [ 46.600397][ T5072] exfat: Deprecated parameter 'utf8' [ 46.608448][ T5072] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5074] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5075 attached , parent_tid=[5075], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5075 [pid 5075] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5075] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5075] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5075] munmap(0x7f8041316000, 131072) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file2", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5075] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file2") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 4 [pid 5075] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5075] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] write(4, "\x00\x00", 2) = 2 [pid 5075] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5074] <... mmap resumed>) = 0x7f8041315000 [pid 5074] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5075] <... mmap resumed>) = 0x20000000 [pid 5074] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5076] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5076] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5076] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5076] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0) = ? [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 46.683508][ T5075] loop0: detected capacity change from 0 to 256 [ 46.692116][ T5075] exfat: Deprecated parameter 'utf8' [ 46.701585][ T5075] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555555e366e0, 24) = 0 [pid 5077] chdir("./26") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5077] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5078] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... clone resumed>, parent_tid=[5078], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5078 [pid 5077] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5078] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5078] munmap(0x7f8041316000, 131072) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file2", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5078] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file2") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5078] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5078] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] write(4, "\x00\x00", 2) = 2 [pid 5078] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5077] <... mmap resumed>) = 0x7f8041315000 [pid 5077] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5078] <... mmap resumed>) = 0x20000000 [pid 5077] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5079] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5079] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5079] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] exit_group(0) = ? [pid 5078] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x555555e366d0) = 5080 [pid 5080] set_robust_list(0x555555e366e0, 24) = 0 [pid 5080] chdir("./27") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [ 46.792189][ T5078] loop0: detected capacity change from 0 to 256 [ 46.800206][ T5078] exfat: Deprecated parameter 'utf8' [ 46.809621][ T5078] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5080] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f80497369e0, 24 [pid 5080] <... clone resumed>, parent_tid=[5081], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5081 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5081] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5081] munmap(0x7f8041316000, 131072) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file2", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5081] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file2") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] write(4, "\x00\x00", 2) = 2 [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5080] <... mmap resumed>) = 0x7f8041315000 [pid 5080] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5081] <... mmap resumed>) = 0x20000000 [pid 5080] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5082] openat(AT_FDCWD, "", O_RDONLY [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5082] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5081] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0) = ? [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555555e366d0) = 5083 [pid 5083] set_robust_list(0x555555e366e0, 24) = 0 [pid 5083] chdir("./28") = 0 [ 46.879520][ T5081] loop0: detected capacity change from 0 to 256 [ 46.887200][ T5081] exfat: Deprecated parameter 'utf8' [ 46.896372][ T5081] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5083] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5084] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... clone resumed>, parent_tid=[5084], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5084 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5084] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5084] munmap(0x7f8041316000, 131072) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file2", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5084] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file2") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] write(4, "\x00\x00", 2) = 2 [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5083] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... mmap resumed>) = 0x20000000 [pid 5083] <... mprotect resumed>) = 0 [pid 5083] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5085 [pid 5083] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5085] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5085] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5083] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5084] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] exit_group(0) = ? [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555555e366e0, 24) = 0 [pid 5086] chdir("./29") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [ 46.971925][ T5084] loop0: detected capacity change from 0 to 256 [ 46.980180][ T5084] exfat: Deprecated parameter 'utf8' [ 46.989203][ T5084] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5086] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7f80497369e0, 24 [pid 5086] <... clone resumed>, parent_tid=[5087], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5087 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5087] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5087] munmap(0x7f8041316000, 131072) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file2", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5087] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file2") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5086] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 4 [pid 5087] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5087] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] write(4, "\x00\x00", 2) = 2 [pid 5087] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5087] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5086] <... mmap resumed>) = 0x7f8041315000 [pid 5086] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5087] <... mmap resumed>) = 0x20000000 [pid 5086] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5088] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5088] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5088] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0) = ? [pid 5088] <... futex resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 47.059347][ T5087] loop0: detected capacity change from 0 to 256 [ 47.067434][ T5087] exfat: Deprecated parameter 'utf8' [ 47.076073][ T5087] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x555555e366e0, 24) = 0 [pid 5089] chdir("./30") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5089] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached , parent_tid=[5090], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5090 [pid 5090] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5090] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5090] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5090] munmap(0x7f8041316000, 131072) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file2", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5090] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file2") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5090] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] write(4, "\x00\x00", 2) = 2 [pid 5090] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5089] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5089] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5091 [pid 5089] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5090] <... mmap resumed>) = 0x20000000 [pid 5091] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5091] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 47.171374][ T5090] loop0: detected capacity change from 0 to 256 [ 47.179872][ T5090] exfat: Deprecated parameter 'utf8' [ 47.188610][ T5090] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555555e366e0, 24) = 0 [pid 5092] chdir("./31") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5092] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5093 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5093] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5093] munmap(0x7f8041316000, 131072) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file2", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5093] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file2") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5093] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] write(4, "\x00\x00", 2) = 2 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5093] <... futex resumed>) = 1 [pid 5092] <... mmap resumed>) = 0x7f8041315000 [pid 5092] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5093] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5092] <... mprotect resumed>) = 0 [pid 5092] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5094 attached [pid 5093] <... mmap resumed>) = 0x20000000 [pid 5094] set_robust_list(0x7f80413359e0, 24 [pid 5092] <... clone resumed>, parent_tid=[5094], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5094 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... set_robust_list resumed>) = 0 [pid 5094] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 0 [pid 5094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5094] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5094] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5093] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5094] <... futex resumed>) = 1 [pid 5093] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] exit_group(0) = ? [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 47.263967][ T5093] loop0: detected capacity change from 0 to 256 [ 47.272825][ T5093] exfat: Deprecated parameter 'utf8' [ 47.283832][ T5093] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555555e366d0) = 5095 [pid 5095] set_robust_list(0x555555e366e0, 24) = 0 [pid 5095] chdir("./32") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5095] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5096] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... clone resumed>, parent_tid=[5096], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5096 [pid 5095] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5096] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5096] munmap(0x7f8041316000, 131072) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file2", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5096] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file2") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5096] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] write(4, "\x00\x00", 2) = 2 [pid 5096] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5095] <... mmap resumed>) = 0x7f8041315000 [pid 5095] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5096] <... mmap resumed>) = 0x20000000 [pid 5095] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5097] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5097] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5097] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5097] <... futex resumed>) = 1 [pid 5096] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0) = ? [pid 5097] <... futex resumed>) = ? [pid 5096] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 47.364278][ T5096] loop0: detected capacity change from 0 to 256 [ 47.372290][ T5096] exfat: Deprecated parameter 'utf8' [ 47.382027][ T5096] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555555e366e0, 24) = 0 [pid 5098] chdir("./33") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5098] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5099 attached , parent_tid=[5099], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5099 [pid 5099] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5099] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5099] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5099] munmap(0x7f8041316000, 131072) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file2", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file2") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] write(4, "\x00\x00", 2) = 2 [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5099] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5098] <... mmap resumed>) = 0x7f8041315000 [pid 5098] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5100], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5099] <... mmap resumed>) = 0x20000000 [pid 5098] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5100] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5099] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] exit_group(0) = ? [pid 5100] <... futex resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x555555e366d0) = 5101 [pid 5101] set_robust_list(0x555555e366e0, 24) = 0 [pid 5101] chdir("./34") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5101] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [ 47.478803][ T5099] loop0: detected capacity change from 0 to 256 [ 47.486905][ T5099] exfat: Deprecated parameter 'utf8' [ 47.495900][ T5099] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5101] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5102], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5102 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5102] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5102] munmap(0x7f8041316000, 131072) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file2", 0777) = 0 [pid 5102] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5102] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file2") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] write(4, "\x00\x00", 2) = 2 [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5102] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5101] <... mmap resumed>) = 0x7f8041315000 [pid 5101] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5102] <... mmap resumed>) = 0x20000000 [pid 5101] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5103] openat(AT_FDCWD, "", O_RDONLY [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5103] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5102] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5102] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] exit_group(0) = ? [pid 5103] <... futex resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555555e366d0) = 5104 [pid 5104] set_robust_list(0x555555e366e0, 24) = 0 [pid 5104] chdir("./35") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [ 47.564716][ T5102] loop0: detected capacity change from 0 to 256 [ 47.573121][ T5102] exfat: Deprecated parameter 'utf8' [ 47.582291][ T5102] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5104] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5104] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f80497369e0, 24 [pid 5104] <... clone resumed>, parent_tid=[5105], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5105 [pid 5104] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... set_robust_list resumed>) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5105] memfd_create("syzkaller", 0 [pid 5104] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] <... memfd_create resumed>) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5105] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5105] munmap(0x7f8041316000, 131072) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file2", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file2") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5105] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5104] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... openat resumed>) = 5 [pid 5105] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] write(4, "\x00\x00", 2) = 2 [pid 5105] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5105] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5104] <... mmap resumed>) = 0x7f8041315000 [pid 5104] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5105] <... mmap resumed>) = 0x20000000 [pid 5104] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5106] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5106] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5106] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] exit_group(0) = ? [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 47.651982][ T5105] loop0: detected capacity change from 0 to 256 [ 47.659640][ T5105] exfat: Deprecated parameter 'utf8' [ 47.669440][ T5105] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x555555e366e0, 24) = 0 [pid 5107] chdir("./36") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5107] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached , parent_tid=[5108], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5108 [pid 5108] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5108] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5108] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5108] munmap(0x7f8041316000, 131072) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file2", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5108] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file2") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5108] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5108] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] write(4, "\x00\x00", 2) = 2 [pid 5108] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5107] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5107] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5108] <... mmap resumed>) = 0x20000000 [pid 5107] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5109] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5109] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... futex resumed>) = 1 [pid 5109] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5109] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] exit_group(0) = ? [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] <... futex resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555555e366d0) = 5110 [pid 5110] set_robust_list(0x555555e366e0, 24) = 0 [ 47.749831][ T5108] loop0: detected capacity change from 0 to 256 [ 47.758042][ T5108] exfat: Deprecated parameter 'utf8' [ 47.766936][ T5108] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5110] chdir("./37") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5110] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5111 attached , parent_tid=[5111], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5111 [pid 5111] set_robust_list(0x7f80497369e0, 24 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5111] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5111] munmap(0x7f8041316000, 131072) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file2", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file2") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] write(4, "\x00\x00", 2) = 2 [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5110] <... mmap resumed>) = 0x7f8041315000 [pid 5110] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5112], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5111] <... mmap resumed>) = 0x20000000 [pid 5110] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5112] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5112] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5111] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0) = ? [pid 5111] <... futex resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x555555e366e0, 24) = 0 [pid 5113] chdir("./38") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [ 47.841370][ T5111] loop0: detected capacity change from 0 to 256 [ 47.849908][ T5111] exfat: Deprecated parameter 'utf8' [ 47.859327][ T5111] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5113] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5114] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... clone resumed>, parent_tid=[5114], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5114 [pid 5113] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5114] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5114] munmap(0x7f8041316000, 131072) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file2", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5114] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file2") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... openat resumed>) = 4 [pid 5114] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5114] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] write(4, "\x00\x00", 2) = 2 [pid 5114] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5114] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5113] <... mmap resumed>) = 0x7f8041315000 [pid 5113] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5115 ./strace-static-x86_64: Process 5115 attached [pid 5114] <... mmap resumed>) = 0x20000000 [pid 5113] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5115] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5115] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 1 [pid 5115] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 [ 47.931031][ T5114] loop0: detected capacity change from 0 to 256 [ 47.939443][ T5114] exfat: Deprecated parameter 'utf8' [ 47.949520][ T5114] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555555e366e0, 24) = 0 [pid 5116] chdir("./39") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5116] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5117], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5117 [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5117] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5117] munmap(0x7f8041316000, 131072) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file2", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5117] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file2") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... openat resumed>) = 5 [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] write(4, "\x00\x00", 2 [pid 5116] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... write resumed>) = 2 [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5117] <... mmap resumed>) = 0x20000000 [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] <... mmap resumed>) = 0x7f8041315000 [pid 5117] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5118 attached , parent_tid=[5118], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5118 [pid 5116] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5118] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5118] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5117] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5117] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] exit_group(0) = ? [pid 5118] <... futex resumed>) = ? [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x555555e366e0, 24) = 0 [pid 5119] chdir("./40") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5119] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5120], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5120 [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5120] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5120] munmap(0x7f8041316000, 131072) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 48.024020][ T5117] loop0: detected capacity change from 0 to 256 [ 48.033628][ T5117] exfat: Deprecated parameter 'utf8' [ 48.044307][ T5117] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5119] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... openat resumed>) = 5 [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5120] write(4, "\x00\x00", 2 [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... write resumed>) = 2 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5119] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5119] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] <... mprotect resumed>) = 0 [pid 5120] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5121 attached , parent_tid=[5121], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5121 [pid 5121] set_robust_list(0x7f80413359e0, 24 [pid 5119] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... set_robust_list resumed>) = 0 [pid 5121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5121] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5121] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5120] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5120] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] exit_group(0) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 [ 48.096290][ T5120] loop0: detected capacity change from 0 to 256 [ 48.104082][ T5120] exfat: Deprecated parameter 'utf8' [ 48.113264][ T5120] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555555e366e0, 24) = 0 [pid 5122] chdir("./41") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5122] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5123], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5123 [pid 5122] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5123] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5123] munmap(0x7f8041316000, 131072) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file2", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5123] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file2") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 4 [pid 5123] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5123] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] write(4, "\x00\x00", 2) = 2 [pid 5123] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5123] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5122] <... mmap resumed>) = 0x7f8041315000 [pid 5122] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5124], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5123] <... mmap resumed>) = 0x20000000 [pid 5122] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5124] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5124] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5124] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5124] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5124] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0) = ? [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 48.193762][ T5123] loop0: detected capacity change from 0 to 256 [ 48.203072][ T5123] exfat: Deprecated parameter 'utf8' [ 48.211807][ T5123] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555555e366e0, 24) = 0 [pid 5125] chdir("./42") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5125] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5126 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5126] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5126] munmap(0x7f8041316000, 131072) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 5 [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] write(4, "\x00\x00", 2) = 2 [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5125] <... futex resumed>) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5125] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5126] <... mmap resumed>) = 0x20000000 [pid 5125] <... mprotect resumed>) = 0 [pid 5125] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5127 attached [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... clone resumed>, parent_tid=[5127], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5127 [pid 5127] set_robust_list(0x7f80413359e0, 24 [pid 5126] <... futex resumed>) = 0 [pid 5125] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... set_robust_list resumed>) = 0 [pid 5126] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5127] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5127] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] getdents64(-1, [pid 5125] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5128 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x555555e366e0, 24) = 0 [pid 5128] chdir("./43") = 0 [ 48.264392][ T5126] loop0: detected capacity change from 0 to 256 [ 48.272021][ T5126] exfat: Deprecated parameter 'utf8' [ 48.282773][ T5126] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5128] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x7f80497369e0, 24 [pid 5128] <... clone resumed>, parent_tid=[5129], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5129 [pid 5129] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5129] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5129] munmap(0x7f8041316000, 131072) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file2", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file2") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] write(4, "\x00\x00", 2) = 2 [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5128] <... mmap resumed>) = 0x7f8041315000 [pid 5128] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5130], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5130 ./strace-static-x86_64: Process 5130 attached [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5128] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5130] openat(AT_FDCWD, "", O_RDONLY [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5130] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5129] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5130] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 [ 48.359389][ T5129] loop0: detected capacity change from 0 to 256 [ 48.366914][ T5129] exfat: Deprecated parameter 'utf8' [ 48.376026][ T5129] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555555e366e0, 24) = 0 [pid 5131] chdir("./44") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5131] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5132 attached , parent_tid=[5132], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5132 [pid 5132] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5132] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5132] munmap(0x7f8041316000, 131072) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file2", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file2") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] write(4, "\x00\x00", 2) = 2 [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5131] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5133 [pid 5131] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x7f80413359e0, 24 [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5133] openat(AT_FDCWD, "", O_RDONLY [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5133] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] getdents64(-1, [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5131] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] exit_group(0) = ? [pid 5133] <... futex resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555555e366e0, 24) = 0 [pid 5134] chdir("./45") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5134] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5135 attached , parent_tid=[5135], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5135 [pid 5135] set_robust_list(0x7f80497369e0, 24 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5135] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5135] munmap(0x7f8041316000, 131072) = 0 [ 48.491392][ T5132] loop0: detected capacity change from 0 to 256 [ 48.500192][ T5132] exfat: Deprecated parameter 'utf8' [ 48.509387][ T5132] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file2", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file2") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 4 [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] write(4, "\x00\x00", 2) = 2 [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5135] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5134] <... mmap resumed>) = 0x7f8041315000 [pid 5134] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5134] <... mprotect resumed>) = 0 [pid 5134] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... clone resumed>, parent_tid=[5136], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5136 [pid 5134] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f80413359e0, 24 [pid 5135] <... futex resumed>) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5136] openat(AT_FDCWD, "", O_RDONLY [pid 5135] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5136] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5135] getdents64(-1, [pid 5136] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5135] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] exit_group(0) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 48.572657][ T5135] loop0: detected capacity change from 0 to 256 [ 48.581432][ T5135] exfat: Deprecated parameter 'utf8' [ 48.590421][ T5135] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x555555e366e0, 24 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5137 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5137] chdir("./46") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5137] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5138 attached , parent_tid=[5138], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5138 [pid 5138] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5138] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] memfd_create("syzkaller", 0 [pid 5137] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] <... memfd_create resumed>) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5138] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5138] munmap(0x7f8041316000, 131072) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file2", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file2") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5138] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5138] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] write(4, "\x00\x00", 2) = 2 [pid 5138] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5137] <... mmap resumed>) = 0x7f8041315000 [pid 5137] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5139], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5139 ./strace-static-x86_64: Process 5139 attached [pid 5138] <... mmap resumed>) = 0x20000000 [pid 5137] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5139] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5139] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5139] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5139] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5139] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] exit_group(0) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 48.671211][ T5138] loop0: detected capacity change from 0 to 256 [ 48.679761][ T5138] exfat: Deprecated parameter 'utf8' [ 48.688791][ T5138] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555555e366e0, 24) = 0 [pid 5140] chdir("./47") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5140] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5141 attached , parent_tid=[5141], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5141 [pid 5141] set_robust_list(0x7f80497369e0, 24 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5141] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5141] munmap(0x7f8041316000, 131072) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] write(4, "\x00\x00", 2) = 2 [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5141] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5140] <... mmap resumed>) = 0x7f8041315000 [pid 5140] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5142 ./strace-static-x86_64: Process 5142 attached [pid 5141] <... mmap resumed>) = 0x20000000 [pid 5140] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5142] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5142] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5142] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5141] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] exit_group(0) = ? [pid 5142] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x555555e366e0, 24) = 0 [pid 5143] chdir("./48") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5143] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5144 [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5144] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5144] munmap(0x7f8041316000, 131072) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 48.775875][ T5141] loop0: detected capacity change from 0 to 256 [ 48.784409][ T5141] exfat: Deprecated parameter 'utf8' [ 48.793573][ T5141] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file2", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file2") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] write(4, "\x00\x00", 2) = 2 [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5144] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5143] <... mmap resumed>) = 0x7f8041315000 [pid 5143] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5143] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5145] openat(AT_FDCWD, "", O_RDONLY [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5145] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] getdents64(-1, [pid 5145] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5144] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] <... futex resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555555e366e0, 24) = 0 [pid 5146] chdir("./49") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5146] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7f80497369e0, 24 [pid 5146] <... clone resumed>, parent_tid=[5147], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5147 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.848619][ T5144] loop0: detected capacity change from 0 to 256 [ 48.856385][ T5144] exfat: Deprecated parameter 'utf8' [ 48.865406][ T5144] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5146] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5147] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5147] munmap(0x7f8041316000, 131072) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file2", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file2") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] write(4, "\x00\x00", 2) = 2 [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5146] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... mmap resumed>) = 0x7f8041315000 [pid 5147] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5148 attached , parent_tid=[5148], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5148 [pid 5148] set_robust_list(0x7f80413359e0, 24 [pid 5146] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5146] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5148] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] getdents64(-1, [pid 5146] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5147] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5148] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x555555e366d0) = 5149 [pid 5149] set_robust_list(0x555555e366e0, 24) = 0 [pid 5149] chdir("./50") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5149] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7f80497369e0, 24 [pid 5149] <... clone resumed>, parent_tid=[5150], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5150 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [ 48.932639][ T5147] loop0: detected capacity change from 0 to 256 [ 48.941091][ T5147] exfat: Deprecated parameter 'utf8' [ 48.950285][ T5147] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5150] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5150] munmap(0x7f8041316000, 131072) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file2", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file2") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5150] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5150] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] write(4, "\x00\x00", 2) = 2 [pid 5150] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5150] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5149] <... mmap resumed>) = 0x7f8041315000 [pid 5149] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5151], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5151 [pid 5149] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5151] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5151] <... openat resumed>) = 6 [pid 5151] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5151] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5151] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] exit_group(0) = ? [pid 5151] <... futex resumed>) = ? [pid 5150] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 49.015746][ T5150] loop0: detected capacity change from 0 to 256 [ 49.024953][ T5150] exfat: Deprecated parameter 'utf8' [ 49.034016][ T5150] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x555555e366e0, 24) = 0 [pid 5152] chdir("./51") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5152] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5153] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5153] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5153] munmap(0x7f8041316000, 131072) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file2", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file2") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 5 [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] write(4, "\x00\x00", 2) = 2 [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5153] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5152] <... mmap resumed>) = 0x7f8041315000 [pid 5152] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5153] <... mmap resumed>) = 0x20000000 [pid 5152] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5154] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5154] openat(AT_FDCWD, "", O_RDONLY [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5154] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 1 [pid 5154] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5153] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] exit_group(0) = ? [pid 5154] <... futex resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 49.111533][ T5153] loop0: detected capacity change from 0 to 256 [ 49.120073][ T5153] exfat: Deprecated parameter 'utf8' [ 49.129359][ T5153] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555555e366d0) = 5155 [pid 5155] set_robust_list(0x555555e366e0, 24) = 0 [pid 5155] chdir("./52") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5155] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5156 attached , parent_tid=[5156], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5156 [pid 5156] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5156] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5156] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5156] munmap(0x7f8041316000, 131072) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file2", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5156] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file2") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... openat resumed>) = 4 [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] write(4, "\x00\x00", 2) = 2 [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5156] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5155] <... mmap resumed>) = 0x7f8041315000 [pid 5155] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5157], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5157 ./strace-static-x86_64: Process 5157 attached [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5155] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5157] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 1 [pid 5157] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5156] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5156] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] exit_group(0) = ? [pid 5157] <... futex resumed>) = ? [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5158 ./strace-static-x86_64: Process 5158 attached [ 49.219915][ T5156] loop0: detected capacity change from 0 to 256 [ 49.228795][ T5156] exfat: Deprecated parameter 'utf8' [ 49.238423][ T5156] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5158] set_robust_list(0x555555e366e0, 24) = 0 [pid 5158] chdir("./53") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5158] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7f80497369e0, 24 [pid 5158] <... clone resumed>, parent_tid=[5159], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5159 [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5159] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5159] munmap(0x7f8041316000, 131072) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file2", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5159] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file2") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] write(4, "\x00\x00", 2) = 2 [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5159] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5158] <... mmap resumed>) = 0x7f8041315000 [pid 5158] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5160 ./strace-static-x86_64: Process 5160 attached [pid 5159] <... mmap resumed>) = 0x20000000 [pid 5158] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5160] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] openat(AT_FDCWD, "", O_RDONLY [pid 5159] <... futex resumed>) = 0 [pid 5160] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5159] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5159] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] exit_group(0) = ? [pid 5160] <... futex resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 49.312746][ T5159] loop0: detected capacity change from 0 to 256 [ 49.321873][ T5159] exfat: Deprecated parameter 'utf8' [ 49.331083][ T5159] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x555555e366e0, 24) = 0 [pid 5161] chdir("./54") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5161 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5161] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5162], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5162 [pid 5161] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5162] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5162] munmap(0x7f8041316000, 131072) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file2", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5162] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file2") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = 0 [pid 5162] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5162] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5162] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] write(4, "\x00\x00", 2) = 2 [pid 5162] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5162] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5161] <... mmap resumed>) = 0x7f8041315000 [pid 5161] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5162] <... mmap resumed>) = 0x20000000 [pid 5161] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5163] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5163] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 1 [pid 5163] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5163] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5163] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0) = ? [pid 5163] <... futex resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 49.406344][ T5162] loop0: detected capacity change from 0 to 256 [ 49.415244][ T5162] exfat: Deprecated parameter 'utf8' [ 49.424232][ T5162] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555555e366d0) = 5164 [pid 5164] set_robust_list(0x555555e366e0, 24) = 0 [pid 5164] chdir("./55") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5164] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5165 attached , parent_tid=[5165], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5165 [pid 5165] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5165] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5165] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5165] munmap(0x7f8041316000, 131072) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file2", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5165] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file2") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 0 [pid 5165] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... openat resumed>) = 5 [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] write(4, "\x00\x00", 2) = 2 [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5165] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5164] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5165] <... mmap resumed>) = 0x20000000 [pid 5164] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] set_robust_list(0x7f80413359e0, 24 [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5166] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5166] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5165] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5164] <... exit_group resumed>) = ? [pid 5166] <... futex resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 49.500336][ T5165] loop0: detected capacity change from 0 to 256 [ 49.510399][ T5165] exfat: Deprecated parameter 'utf8' [ 49.519251][ T5165] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x555555e366e0, 24) = 0 [pid 5167] chdir("./56") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5167] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5168] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... clone resumed>, parent_tid=[5168], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5168 [pid 5167] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5168] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5168] munmap(0x7f8041316000, 131072) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file2", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5168] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file2") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5167] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... openat resumed>) = 4 [pid 5168] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5168] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] write(4, "\x00\x00", 2) = 2 [pid 5168] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5168] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5167] <... mmap resumed>) = 0x7f8041315000 [pid 5167] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5169], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5168] <... mmap resumed>) = 0x20000000 [pid 5167] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5169] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5169] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... futex resumed>) = 1 [pid 5169] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5169] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5168] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] exit_group(0) = ? [pid 5169] <... futex resumed>) = ? [pid 5168] <... futex resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555555e366e0, 24) = 0 [pid 5170] chdir("./57") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5170] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5171 attached , parent_tid=[5171], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5171 [pid 5170] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5171] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 49.593251][ T5168] loop0: detected capacity change from 0 to 256 [ 49.601401][ T5168] exfat: Deprecated parameter 'utf8' [ 49.610597][ T5168] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5171] munmap(0x7f8041316000, 131072) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file2", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5171] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file2") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... futex resumed>) = 0 [pid 5171] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5171] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5170] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5171] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5170] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] write(4, "\x00\x00", 2) = 2 [pid 5171] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5170] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5171] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5170] <... mprotect resumed>) = 0 [pid 5170] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5172 ./strace-static-x86_64: Process 5172 attached [pid 5171] <... mmap resumed>) = 0x20000000 [pid 5170] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5172] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5172] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... futex resumed>) = 1 [pid 5172] getdents64(-1, [pid 5171] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5172] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5170] exit_group(0) = ? [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5171] <... futex resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555555e366e0, 24) = 0 [pid 5173] chdir("./58") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5173] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5174], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5174 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5174] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5174] munmap(0x7f8041316000, 131072) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 49.675501][ T5171] loop0: detected capacity change from 0 to 256 [ 49.684692][ T5171] exfat: Deprecated parameter 'utf8' [ 49.693404][ T5171] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file2", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5174] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file2") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... openat resumed>) = 5 [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] write(4, "\x00\x00", 2 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... write resumed>) = 2 [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... mmap resumed>) = 0x20000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... mmap resumed>) = 0x7f8041315000 [pid 5174] <... futex resumed>) = 0 [pid 5173] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5174] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... mprotect resumed>) = 0 [pid 5173] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5175], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5175 [pid 5173] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5175] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5175] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 0 [pid 5174] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5174] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] exit_group(0) = ? [pid 5174] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 [ 49.747885][ T5174] loop0: detected capacity change from 0 to 256 [ 49.755437][ T5174] exfat: Deprecated parameter 'utf8' [ 49.764488][ T5174] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x555555e366e0, 24) = 0 [pid 5176] chdir("./59") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5176] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5177], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5177 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5177] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5177] munmap(0x7f8041316000, 131072) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file2", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5177] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file2") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] write(4, "\x00\x00", 2) = 2 [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5176] <... mmap resumed>) = 0x7f8041315000 [pid 5176] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5178 [pid 5176] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5177] <... mmap resumed>) = 0x20000000 [pid 5178] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5178] openat(AT_FDCWD, "", O_RDONLY [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5178] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5177] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5177] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] exit_group(0) = ? [pid 5178] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] <... futex resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5179 ./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x555555e366e0, 24) = 0 [pid 5179] chdir("./60") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5179] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5180] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... clone resumed>, parent_tid=[5180], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5180 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [ 49.823267][ T5177] loop0: detected capacity change from 0 to 256 [ 49.832116][ T5177] exfat: Deprecated parameter 'utf8' [ 49.841381][ T5177] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5180] munmap(0x7f8041316000, 131072) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file2", 0777) = 0 [pid 5180] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5180] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file2") = 0 [pid 5180] ioctl(4, LOOP_CLR_FD) = 0 [pid 5180] close(4) = 0 [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = 1 [pid 5180] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = 1 [pid 5180] write(4, "\x00\x00", 2) = 2 [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5179] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5180] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5179] <... clone resumed>, parent_tid=[5181], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5181 [pid 5179] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5180] <... mmap resumed>) = 0x20000000 [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... openat resumed>) = 6 [pid 5181] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5180] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] exit_group(0) = ? [pid 5181] <... futex resumed>) = ? [pid 5180] <... futex resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x555555e366e0, 24) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5182 [pid 5182] chdir("./61") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [ 49.908648][ T5180] loop0: detected capacity change from 0 to 256 [ 49.917187][ T5180] exfat: Deprecated parameter 'utf8' [ 49.925943][ T5180] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5182] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5183 attached , parent_tid=[5183], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5183 [pid 5183] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5183] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5183] munmap(0x7f8041316000, 131072) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file2", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5183] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file2") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] write(4, "\x00\x00", 2) = 2 [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5183] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5182] <... mmap resumed>) = 0x7f8041315000 [pid 5182] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5183] <... mmap resumed>) = 0x20000000 [pid 5182] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5184] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5183] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5183] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] exit_group(0) = ? [pid 5184] <... futex resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 49.997423][ T5183] loop0: detected capacity change from 0 to 256 [ 50.006603][ T5183] exfat: Deprecated parameter 'utf8' [ 50.015597][ T5183] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x555555e366d0) = 5185 [pid 5185] set_robust_list(0x555555e366e0, 24) = 0 [pid 5185] chdir("./62") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5185] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5186 attached , parent_tid=[5186], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5186 [pid 5186] set_robust_list(0x7f80497369e0, 24 [pid 5185] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5186] memfd_create("syzkaller", 0 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... memfd_create resumed>) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5185] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] <... mmap resumed>) = 0x7f8041316000 [pid 5186] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5186] munmap(0x7f8041316000, 131072) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file2", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5186] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file2") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 4 [pid 5186] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5186] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] write(4, "\x00\x00", 2) = 2 [pid 5186] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5185] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5187 attached , parent_tid=[5187], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5187 [pid 5187] set_robust_list(0x7f80413359e0, 24 [pid 5185] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... set_robust_list resumed>) = 0 [pid 5185] <... futex resumed>) = 0 [pid 5187] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5185] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5187] <... openat resumed>) = 6 [pid 5187] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5187] getdents64(6, [ 50.095413][ T5186] loop0: detected capacity change from 0 to 256 [ 50.103881][ T5186] exfat: Deprecated parameter 'utf8' [ 50.113202][ T5186] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [ 50.153764][ T5187] [ 50.156110][ T5187] ====================================================== [ 50.163111][ T5187] WARNING: possible circular locking dependency detected [ 50.170199][ T5187] 6.4.0-rc5-syzkaller-00002-gf8dba31b0a82 #0 Not tainted [ 50.177196][ T5187] ------------------------------------------------------ [ 50.184190][ T5187] syz-executor181/5187 is trying to acquire lock: [ 50.190578][ T5187] ffff88807ac63768 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0xb3d/0x1210 [ 50.200061][ T5187] [ 50.200061][ T5187] but task is already holding lock: [ 50.207400][ T5187] ffff88801e4a00e0 (&sbi->s_lock){+.+.}-{3:3}, at: exfat_iterate+0x111/0xb40 [ 50.216174][ T5187] [ 50.216174][ T5187] which lock already depends on the new lock. [ 50.216174][ T5187] [ 50.226550][ T5187] [ 50.226550][ T5187] the existing dependency chain (in reverse order) is: [ 50.235556][ T5187] [ 50.235556][ T5187] -> #2 (&sbi->s_lock){+.+.}-{3:3}: [ 50.242917][ T5187] __mutex_lock+0x12f/0x1350 [ 50.248025][ T5187] exfat_get_block+0x18d/0x16e0 [ 50.253385][ T5187] do_mpage_readpage+0x768/0x1960 [ 50.258910][ T5187] mpage_readahead+0x344/0x580 [ 50.264172][ T5187] read_pages+0x1a2/0xd40 [ 50.269094][ T5187] page_cache_ra_unbounded+0x477/0x5e0 [ 50.275055][ T5187] page_cache_ra_order+0x6ec/0xa00 [ 50.280665][ T5187] ondemand_readahead+0x6b3/0x1080 [ 50.286277][ T5187] page_cache_sync_ra+0x1c9/0x200 [ 50.291808][ T5187] filemap_get_pages+0x28d/0x1620 [ 50.297334][ T5187] filemap_read+0x35e/0xc70 [ 50.302361][ T5187] generic_file_read_iter+0x3ad/0x5b0 [ 50.308238][ T5187] __kernel_read+0x2ca/0x830 [ 50.313334][ T5187] integrity_kernel_read+0x7f/0xb0 [ 50.318948][ T5187] ima_calc_file_hash_tfm+0x2b3/0x3c0 [ 50.324826][ T5187] ima_calc_file_hash+0x195/0x4a0 [ 50.330357][ T5187] ima_collect_measurement+0x55b/0x670 [ 50.336322][ T5187] process_measurement+0xd2f/0x1930 [ 50.342029][ T5187] ima_file_check+0xba/0x100 [ 50.347124][ T5187] path_openat+0x15d3/0x2750 [ 50.352234][ T5187] do_filp_open+0x1ba/0x410 [ 50.357241][ T5187] do_sys_openat2+0x16d/0x4c0 [ 50.362421][ T5187] __x64_sys_openat+0x143/0x1f0 [ 50.367780][ T5187] do_syscall_64+0x39/0xb0 [ 50.372707][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.379107][ T5187] [ 50.379107][ T5187] -> #1 (mapping.invalidate_lock#3){.+.+}-{3:3}: [ 50.387604][ T5187] down_read+0x9c/0x480 [ 50.392264][ T5187] filemap_fault+0xbba/0x24c0 [ 50.397448][ T5187] __do_fault+0x107/0x600 [ 50.402285][ T5187] __handle_mm_fault+0x28bc/0x41c0 [ 50.407903][ T5187] handle_mm_fault+0x2af/0x9f0 [ 50.413171][ T5187] __get_user_pages+0x60a/0x10e0 [ 50.418614][ T5187] __gup_longterm_locked+0x720/0x2420 [ 50.424497][ T5187] pin_user_pages_remote+0x101/0x160 [ 50.430285][ T5187] process_vm_rw_core.constprop.0+0x43b/0x990 [ 50.436874][ T5187] process_vm_rw+0x29c/0x300 [ 50.441966][ T5187] __x64_sys_process_vm_readv+0xe3/0x1b0 [ 50.448101][ T5187] do_syscall_64+0x39/0xb0 [ 50.453026][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.459431][ T5187] [ 50.459431][ T5187] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 50.466968][ T5187] __lock_acquire+0x2fcd/0x5f30 [ 50.472326][ T5187] lock_acquire+0x1b1/0x520 [ 50.477420][ T5187] down_read+0x9c/0x480 [ 50.482080][ T5187] do_user_addr_fault+0xb3d/0x1210 [ 50.487701][ T5187] exc_page_fault+0x98/0x170 [ 50.492794][ T5187] asm_exc_page_fault+0x26/0x30 [ 50.498153][ T5187] filldir64+0x291/0x5d0 [ 50.502908][ T5187] exfat_iterate+0x56b/0xb40 [ 50.508008][ T5187] iterate_dir+0x1fd/0x6f0 [ 50.512936][ T5187] __x64_sys_getdents64+0x13e/0x2c0 [ 50.518645][ T5187] do_syscall_64+0x39/0xb0 [ 50.523572][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.529975][ T5187] [ 50.529975][ T5187] other info that might help us debug this: [ 50.529975][ T5187] [ 50.540177][ T5187] Chain exists of: [ 50.540177][ T5187] &mm->mmap_lock --> mapping.invalidate_lock#3 --> &sbi->s_lock [ 50.540177][ T5187] [ 50.553713][ T5187] Possible unsafe locking scenario: [ 50.553713][ T5187] [ 50.561140][ T5187] CPU0 CPU1 [ 50.566486][ T5187] ---- ---- [ 50.571827][ T5187] lock(&sbi->s_lock); [ 50.575962][ T5187] lock(mapping.invalidate_lock#3); [ 50.583746][ T5187] lock(&sbi->s_lock); [ 50.590399][ T5187] rlock(&mm->mmap_lock); [ 50.594794][ T5187] [ 50.594794][ T5187] *** DEADLOCK *** [ 50.594794][ T5187] [ 50.602913][ T5187] 3 locks held by syz-executor181/5187: [ 50.608436][ T5187] #0: ffff88802aa4c868 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe7/0x100 [ 50.617732][ T5187] #1: ffff8880700077b0 (&sb->s_type->i_mutex_key#15){++++}-{3:3}, at: iterate_dir+0x504/0x6f0 [ 50.628071][ T5187] #2: ffff88801e4a00e0 (&sbi->s_lock){+.+.}-{3:3}, at: exfat_iterate+0x111/0xb40 [ 50.637277][ T5187] [ 50.637277][ T5187] stack backtrace: [ 50.643141][ T5187] CPU: 0 PID: 5187 Comm: syz-executor181 Not tainted 6.4.0-rc5-syzkaller-00002-gf8dba31b0a82 #0 [ 50.653533][ T5187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 50.663583][ T5187] Call Trace: [ 50.666846][ T5187] [ 50.669770][ T5187] dump_stack_lvl+0xd9/0x150 [ 50.674345][ T5187] check_noncircular+0x25f/0x2e0 [ 50.679273][ T5187] ? print_circular_bug+0x730/0x730 [ 50.684457][ T5187] ? mark_lock.part.0+0xee/0x1970 [ 50.689467][ T5187] ? print_usage_bug.part.0+0x660/0x660 [ 50.694999][ T5187] __lock_acquire+0x2fcd/0x5f30 [ 50.699839][ T5187] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 50.705808][ T5187] ? __lock_acquire+0x1987/0x5f30 [ 50.710841][ T5187] lock_acquire+0x1b1/0x520 [ 50.715432][ T5187] ? do_user_addr_fault+0xb3d/0x1210 [ 50.720700][ T5187] ? lock_sync+0x190/0x190 [ 50.725096][ T5187] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 50.731064][ T5187] down_read+0x9c/0x480 [ 50.735213][ T5187] ? do_user_addr_fault+0xb3d/0x1210 [ 50.740482][ T5187] ? down_write_killable+0x250/0x250 [ 50.745748][ T5187] ? trim_init_extable+0x3d0/0x3d0 [ 50.750842][ T5187] ? filldir64+0x291/0x5d0 [ 50.755245][ T5187] ? mark_held_locks+0x9f/0xe0 [ 50.759997][ T5187] do_user_addr_fault+0xb3d/0x1210 [ 50.765095][ T5187] exc_page_fault+0x98/0x170 [ 50.769673][ T5187] asm_exc_page_fault+0x26/0x30 [ 50.774510][ T5187] RIP: 0010:filldir64+0x291/0x5d0 [ 50.779522][ T5187] Code: 02 41 83 e7 01 44 89 fe e8 9c c2 98 ff 45 84 ff 0f 84 9a fe ff ff e9 40 ff ff ff e8 a9 c6 98 ff 0f 01 cb 0f ae e8 48 8b 04 24 <49> 89 47 08 e8 96 c6 98 ff 4c 8b 7c 24 28 48 8b 7c 24 10 49 89 3f [ 50.799112][ T5187] RSP: 0018:ffffc90003c5fbf8 EFLAGS: 00050293 [ 50.805161][ T5187] RAX: 0000000000000000 RBX: ffffc90003c5fe98 RCX: 0000000000000000 [ 50.813142][ T5187] RDX: ffff88801fa55940 RSI: ffffffff81eb7f97 RDI: 0000000000000006 [ 50.821117][ T5187] RBP: 0000000000000018 R08: 0000000000000006 R09: 0000000000000000 [ 50.829069][ T5187] R10: 0000000000000018 R11: 0000000000000001 R12: 0000000000000001 [ 50.837022][ T5187] R13: 0000000000000018 R14: ffffffff8a662e00 R15: 0000000000000000 [ 50.844982][ T5187] ? filldir64+0x287/0x5d0 [ 50.849421][ T5187] ? filldir64+0x287/0x5d0 [ 50.853843][ T5187] exfat_iterate+0x56b/0xb40 [ 50.858422][ T5187] ? trace_contention_end+0xd8/0x100 [ 50.863794][ T5187] ? exfat_readdir+0x14a0/0x14a0 [ 50.868734][ T5187] ? down_write_killable+0x15b/0x250 [ 50.874005][ T5187] ? fsnotify_perm.part.0+0x221/0x610 [ 50.879358][ T5187] iterate_dir+0x1fd/0x6f0 [ 50.883773][ T5187] __x64_sys_getdents64+0x13e/0x2c0 [ 50.888959][ T5187] ? __ia32_sys_getdents+0x2c0/0x2c0 [ 50.894247][ T5187] ? compat_fillonedir+0x470/0x470 [ 50.899350][ T5187] ? lockdep_hardirqs_on+0x7d/0x100 [ 50.904622][ T5187] ? _raw_spin_unlock_irq+0x2e/0x50 [ 50.909811][ T5187] ? ptrace_notify+0xfe/0x140 [ 50.914509][ T5187] do_syscall_64+0x39/0xb0 [ 50.918915][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.924796][ T5187] RIP: 0033:0x7f804978aab9 [ 50.929196][ T5187] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.948786][ T5187] RSP: 002b:00007f8041335208 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [pid 5185] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... mmap resumed>) = 0x20000000 [pid 5186] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5187] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5187] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] exit_group(0) = ? [pid 5186] <... futex resumed>) = ? [pid 5187] <... futex resumed>) = ? [pid 5186] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=89 /* 0.89 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 50.957182][ T5187] RAX: ffffffffffffffda RBX: 00007f80498107b8 RCX: 00007f804978aab9 [ 50.965133][ T5187] RDX: 0000000000008008 RSI: 0000000000000000 RDI: 0000000000000006 [ 50.973185][ T5187] RBP: 00007f80498107b0 R08: 0000000000000000 R09: 0000000000000000 [ 50.981225][ T5187] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f80498107bc [ 50.989179][ T5187] R13: 00007fff6d2c4cff R14: 00007f8041335300 R15: 0000000000022000 [ 50.997133][ T5187] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555555e366e0, 24) = 0 [pid 5188] chdir("./63") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5188] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5189 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5189] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5189] munmap(0x7f8041316000, 131072) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file2", 0777) = 0 [pid 5189] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5189] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file2") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] write(4, "\x00\x00", 2) = 2 [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5188] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5190 [pid 5188] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f80413359e0, 24 [pid 5189] <... mmap resumed>) = 0x20000000 [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... set_robust_list resumed>) = 0 [pid 5190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5190] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5190] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 0 [pid 5189] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5189] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] exit_group(0) = ? [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555555e366e0, 24) = 0 [pid 5191] chdir("./64") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5191] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5192 attached , parent_tid=[5192], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5192 [pid 5192] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5192] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5192] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5192] munmap(0x7f8041316000, 131072) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.048025][ T5189] loop0: detected capacity change from 0 to 256 [ 51.055465][ T5189] exfat: Deprecated parameter 'utf8' [ 51.063520][ T5189] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file2", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5192] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file2") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... futex resumed>) = 1 [pid 5192] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5192] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5192] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] write(4, "\x00\x00", 2) = 2 [pid 5192] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5192] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5191] <... mmap resumed>) = 0x7f8041315000 [pid 5191] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5193 [pid 5191] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5193] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5193] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5192] <... mmap resumed>) = 0x20000000 [pid 5193] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5193] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5193] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0) = ? [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] <... futex resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x555555e366e0, 24) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5194 [pid 5194] chdir("./65") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5194] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5195] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... clone resumed>, parent_tid=[5195], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5195 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5195] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5195] munmap(0x7f8041316000, 131072) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.115392][ T5192] loop0: detected capacity change from 0 to 256 [ 51.122960][ T5192] exfat: Deprecated parameter 'utf8' [ 51.130823][ T5192] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file2", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5195] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file2") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] write(4, "\x00\x00", 2) = 2 [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5195] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5194] <... mmap resumed>) = 0x7f8041315000 [pid 5194] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5196], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5196 ./strace-static-x86_64: Process 5196 attached [pid 5195] <... mmap resumed>) = 0x20000000 [pid 5194] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5196] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5195] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] exit_group(0) = ? [pid 5196] <... futex resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x555555e366e0, 24) = 0 [pid 5197] chdir("./66") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5197] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5198 attached , parent_tid=[5198], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5198 [pid 5198] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5198] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5197] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5198] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5198] munmap(0x7f8041316000, 131072) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.188954][ T5195] loop0: detected capacity change from 0 to 256 [ 51.196738][ T5195] exfat: Deprecated parameter 'utf8' [ 51.204539][ T5195] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file2", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5198] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file2") = 0 [pid 5198] ioctl(4, LOOP_CLR_FD) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... openat resumed>) = 4 [pid 5198] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5197] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... openat resumed>) = 5 [pid 5198] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] write(4, "\x00\x00", 2) = 2 [pid 5198] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5198] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5197] <... mmap resumed>) = 0x7f8041315000 [pid 5197] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5199], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5198] <... mmap resumed>) = 0x20000000 [pid 5197] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5199] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5199] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5197] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5199] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5199] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] exit_group(0) = ? [pid 5198] <... futex resumed>) = ? [pid 5199] <... futex resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5200 ./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555555e366e0, 24) = 0 [pid 5200] chdir("./67") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5200] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5201], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5201 [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5201] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5201] munmap(0x7f8041316000, 131072) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.268080][ T5198] loop0: detected capacity change from 0 to 256 [ 51.275772][ T5198] exfat: Deprecated parameter 'utf8' [ 51.283517][ T5198] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file2", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5201] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file2") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4) = 0 [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] write(4, "\x00\x00", 2) = 2 [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5200] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5202], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5202 [pid 5200] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5202] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5202] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5202] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5201] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] exit_group(0) = ? [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5203 ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x555555e366e0, 24) = 0 [pid 5203] chdir("./68") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5203] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5204 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5204] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5204] munmap(0x7f8041316000, 131072) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.326840][ T5201] loop0: detected capacity change from 0 to 256 [ 51.334370][ T5201] exfat: Deprecated parameter 'utf8' [ 51.342721][ T5201] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] mkdir("./file2", 0777) = 0 [pid 5204] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5204] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] chdir("./file2") = 0 [pid 5204] ioctl(4, LOOP_CLR_FD) = 0 [pid 5204] close(4) = 0 [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... openat resumed>) = 5 [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] write(4, "\x00\x00", 2) = 2 [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5204] <... mmap resumed>) = 0x20000000 [pid 5203] <... mmap resumed>) = 0x7f8041315000 [pid 5203] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5204] <... futex resumed>) = 0 [pid 5203] <... clone resumed>, parent_tid=[5205], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5205 [pid 5203] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5205] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5205] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 0 [pid 5204] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5204] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5205] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] exit_group(0) = ? [pid 5205] <... futex resumed>) = ? [pid 5204] <... futex resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x555555e366e0, 24) = 0 [pid 5206] chdir("./69") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5206] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5207 attached , parent_tid=[5207], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5207 [pid 5207] set_robust_list(0x7f80497369e0, 24) = 0 [ 51.385216][ T5204] loop0: detected capacity change from 0 to 256 [ 51.392983][ T5204] exfat: Deprecated parameter 'utf8' [ 51.401013][ T5204] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5206] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5206] <... futex resumed>) = 0 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5206] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5207] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5207] munmap(0x7f8041316000, 131072) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file2", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5207] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file2") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5207] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5207] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] write(4, "\x00\x00", 2) = 2 [pid 5207] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5206] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5206] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5208], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5208 [pid 5206] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5208] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5208] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5207] <... mmap resumed>) = 0x20000000 [pid 5208] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5208] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5208] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] exit_group(0) = ? [pid 5207] <... futex resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5208] <... futex resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555555e366e0, 24) = 0 [pid 5209] chdir("./70" [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5209 [pid 5209] <... chdir resumed>) = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5209] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5210 attached , parent_tid=[5210], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5210 [pid 5210] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5210] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5210] munmap(0x7f8041316000, 131072) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.478917][ T5207] loop0: detected capacity change from 0 to 256 [ 51.487335][ T5207] exfat: Deprecated parameter 'utf8' [ 51.495299][ T5207] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file2", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5210] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file2") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] write(4, "\x00\x00", 2) = 2 [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5209] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5210] <... mmap resumed>) = 0x20000000 [pid 5209] <... mprotect resumed>) = 0 [pid 5209] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5211 attached [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... clone resumed>, parent_tid=[5211], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5211 [pid 5209] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] set_robust_list(0x7f80413359e0, 24 [pid 5210] <... futex resumed>) = 0 [pid 5211] <... set_robust_list resumed>) = 0 [pid 5210] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5211] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5211] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5210] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] exit_group(0) = ? [pid 5211] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x555555e366e0, 24) = 0 [pid 5212] chdir("./71") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5212] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5213] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... clone resumed>, parent_tid=[5213], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5213 [pid 5212] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5213] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5213] munmap(0x7f8041316000, 131072) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.552528][ T5210] loop0: detected capacity change from 0 to 256 [ 51.559916][ T5210] exfat: Deprecated parameter 'utf8' [ 51.568443][ T5210] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./file2", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5213] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file2") = 0 [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5213] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5213] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] write(4, "\x00\x00", 2) = 2 [pid 5213] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5213] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5212] <... mmap resumed>) = 0x7f8041315000 [pid 5212] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5214 ./strace-static-x86_64: Process 5214 attached [pid 5213] <... mmap resumed>) = 0x20000000 [pid 5212] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5214] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5214] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5214] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5214] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0) = ? [pid 5213] <... futex resumed>) = ? [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 51.631718][ T5213] loop0: detected capacity change from 0 to 256 [ 51.639370][ T5213] exfat: Deprecated parameter 'utf8' [ 51.647683][ T5213] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x555555e366d0) = 5215 [pid 5215] set_robust_list(0x555555e366e0, 24) = 0 [pid 5215] chdir("./72") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5215] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x7f80497369e0, 24 [pid 5215] <... clone resumed>, parent_tid=[5216], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5216 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5216] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5216] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5216] munmap(0x7f8041316000, 131072) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file2", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5216] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file2") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5216] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5216] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] write(4, "\x00\x00", 2) = 2 [pid 5216] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5216] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5215] <... mmap resumed>) = 0x7f8041315000 [pid 5215] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5217], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5216] <... mmap resumed>) = 0x20000000 [pid 5215] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5217] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5217] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5217] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5217] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] exit_group(0) = ? [pid 5217] <... futex resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5216] <... futex resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x555555e366e0, 24) = 0 [pid 5218] chdir("./73") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5218] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5219], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5219 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5219] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5219] munmap(0x7f8041316000, 131072) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.733730][ T5216] loop0: detected capacity change from 0 to 256 [ 51.741750][ T5216] exfat: Deprecated parameter 'utf8' [ 51.749633][ T5216] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] mkdir("./file2", 0777) = 0 [pid 5219] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5219] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file2") = 0 [pid 5219] ioctl(4, LOOP_CLR_FD) = 0 [pid 5219] close(4) = 0 [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5218] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... openat resumed>) = 4 [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] write(4, "\x00\x00", 2) = 2 [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5219] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5218] <... mmap resumed>) = 0x7f8041315000 [pid 5218] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5219] <... mmap resumed>) = 0x20000000 [pid 5218] <... mprotect resumed>) = 0 [pid 5218] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5220 attached [pid 5218] <... clone resumed>, parent_tid=[5220], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5220 [pid 5218] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] set_robust_list(0x7f80413359e0, 24 [pid 5219] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5220] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5220] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5219] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] exit_group(0) = ? [pid 5220] <... futex resumed>) = ? [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555555e366e0, 24) = 0 [pid 5221] chdir("./74") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5221] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5222 attached , parent_tid=[5222], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5222 [pid 5222] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5222] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] memfd_create("syzkaller", 0 [pid 5221] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5222] <... memfd_create resumed>) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5222] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5222] munmap(0x7f8041316000, 131072) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.797939][ T5219] loop0: detected capacity change from 0 to 256 [ 51.805919][ T5219] exfat: Deprecated parameter 'utf8' [ 51.813922][ T5219] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file2", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5222] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file2") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5221] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... openat resumed>) = 5 [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] write(4, "\x00\x00", 2) = 2 [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5222] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5221] <... mmap resumed>) = 0x7f8041315000 [pid 5221] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5223 attached [pid 5222] <... mmap resumed>) = 0x20000000 [pid 5221] <... clone resumed>, parent_tid=[5223], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5223 [pid 5221] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] set_robust_list(0x7f80413359e0, 24 [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5223] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5223] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5222] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] exit_group(0) = ? [pid 5223] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 [ 51.861081][ T5222] loop0: detected capacity change from 0 to 256 [ 51.868761][ T5222] exfat: Deprecated parameter 'utf8' [ 51.876415][ T5222] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x555555e366e0, 24) = 0 [pid 5224] chdir("./75") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5224] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5225 [pid 5224] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5225] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5225] munmap(0x7f8041316000, 131072) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] mkdir("./file2", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5225] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file2") = 0 [pid 5225] ioctl(4, LOOP_CLR_FD) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5224] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5224] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 4 [pid 5225] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5224] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 5 [pid 5225] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] write(4, "\x00\x00", 2 [pid 5224] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... write resumed>) = 2 [pid 5225] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5225] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5224] <... mmap resumed>) = 0x7f8041315000 [pid 5224] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5226], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5225] <... mmap resumed>) = 0x20000000 [pid 5224] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5226] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5226] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5226] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5226] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5226] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] exit_group(0) = ? [pid 5225] <... futex resumed>) = ? [pid 5226] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555555e366d0) = 5227 [pid 5227] set_robust_list(0x555555e366e0, 24) = 0 [pid 5227] chdir("./76") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5227] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5228], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5228 [pid 5227] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5228] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5228] munmap(0x7f8041316000, 131072) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.920674][ T5225] loop0: detected capacity change from 0 to 256 [ 51.928452][ T5225] exfat: Deprecated parameter 'utf8' [ 51.936324][ T5225] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file2", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5228] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file2") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 0 [pid 5228] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5228] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5228] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] write(4, "\x00\x00", 2) = 2 [pid 5228] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5227] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5229], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5229 [pid 5227] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5229] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5229] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 1 [pid 5229] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5229] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5229] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5228] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] exit_group(0) = ? [pid 5228] <... futex resumed>) = ? [pid 5229] <... futex resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x555555e366e0, 24) = 0 [pid 5230] chdir("./77") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5230] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5231 [pid 5230] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5231] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5231] munmap(0x7f8041316000, 131072) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.982708][ T5228] loop0: detected capacity change from 0 to 256 [ 51.990295][ T5228] exfat: Deprecated parameter 'utf8' [ 51.998471][ T5228] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file2", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5231] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file2") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5231] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5231] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] write(4, "\x00\x00", 2) = 2 [pid 5231] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5231] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5230] <... mmap resumed>) = 0x7f8041315000 [pid 5230] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5232], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5231] <... mmap resumed>) = 0x20000000 [pid 5230] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5232] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5232] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5232] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5232] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5232] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] exit_group(0) = ? [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] <... futex resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x555555e366e0, 24) = 0 [pid 5233] chdir("./78") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5233] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5234] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... clone resumed>, parent_tid=[5234], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5234 [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5233] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5234] munmap(0x7f8041316000, 131072) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.047610][ T5231] loop0: detected capacity change from 0 to 256 [ 52.055092][ T5231] exfat: Deprecated parameter 'utf8' [ 52.063138][ T5231] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file2", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5234] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file2") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5234] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] write(4, "\x00\x00", 2) = 2 [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5234] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5233] <... mmap resumed>) = 0x7f8041315000 [pid 5233] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5235], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5234] <... mmap resumed>) = 0x20000000 [pid 5233] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5235] openat(AT_FDCWD, "", O_RDONLY [pid 5234] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5235] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 1 [pid 5235] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5234] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5233] exit_group(0) = ? [pid 5235] <... futex resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x555555e366d0) = 5236 [pid 5236] set_robust_list(0x555555e366e0, 24) = 0 [pid 5236] chdir("./79") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5236] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5237] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... clone resumed>, parent_tid=[5237], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5237 [pid 5236] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5237] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5237] munmap(0x7f8041316000, 131072) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.116626][ T5234] loop0: detected capacity change from 0 to 256 [ 52.124262][ T5234] exfat: Deprecated parameter 'utf8' [ 52.132634][ T5234] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./file2", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5237] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file2") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5237] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5237] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] write(4, "\x00\x00", 2) = 2 [pid 5237] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5237] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5236] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5238], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5238 [pid 5236] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5238] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5238] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5237] <... mmap resumed>) = 0x20000000 [pid 5238] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5238] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5238] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x555555e366e0, 24 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5239 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5239] chdir("./80") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5239] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5240] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... clone resumed>, parent_tid=[5240], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5240 [pid 5239] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] memfd_create("syzkaller", 0 [pid 5239] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] <... memfd_create resumed>) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5240] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5240] munmap(0x7f8041316000, 131072) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.188527][ T5237] loop0: detected capacity change from 0 to 256 [ 52.196676][ T5237] exfat: Deprecated parameter 'utf8' [ 52.204848][ T5237] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file2", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5240] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file2") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5240] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5240] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] write(4, "\x00\x00", 2) = 2 [pid 5240] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5240] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5239] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5241], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5240] <... mmap resumed>) = 0x20000000 [pid 5239] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5241] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5241] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5241] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 1 [pid 5241] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5241] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5241] <... futex resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5242 ./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x555555e366e0, 24) = 0 [pid 5242] chdir("./81") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5242] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5243], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5243 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5243] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5243] munmap(0x7f8041316000, 131072) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.259702][ T5240] loop0: detected capacity change from 0 to 256 [ 52.267996][ T5240] exfat: Deprecated parameter 'utf8' [ 52.275642][ T5240] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] mkdir("./file2", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5243] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./file2") = 0 [pid 5243] ioctl(4, LOOP_CLR_FD) = 0 [pid 5243] close(4) = 0 [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] write(4, "\x00\x00", 2) = 2 [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5242] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5244], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5244 [pid 5242] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5244] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5244] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 0 [pid 5243] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5243] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] exit_group(0) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5244] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x555555e366e0, 24) = 0 [pid 5245] chdir("./82") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5245] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5246 [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5246] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5246] munmap(0x7f8041316000, 131072) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.317405][ T5243] loop0: detected capacity change from 0 to 256 [ 52.324772][ T5243] exfat: Deprecated parameter 'utf8' [ 52.332965][ T5243] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file2", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5246] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file2") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 4 [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 5 [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] write(4, "\x00\x00", 2 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... write resumed>) = 2 [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5245] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5246] <... mmap resumed>) = 0x20000000 [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... mmap resumed>) = 0x7f8041315000 [pid 5245] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7f80413359e0, 24 [pid 5245] <... clone resumed>, parent_tid=[5247], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5247 [pid 5247] <... set_robust_list resumed>) = 0 [pid 5245] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5247] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... futex resumed>) = 0 [pid 5246] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5246] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x555555e366e0, 24) = 0 [pid 5248] chdir("./83") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5248] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5249], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5249 [pid 5248] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5249] memfd_create("syzkaller", 0) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5249] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 52.366746][ T5246] loop0: detected capacity change from 0 to 256 [ 52.374992][ T5246] exfat: Deprecated parameter 'utf8' [ 52.382869][ T5246] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5249] munmap(0x7f8041316000, 131072) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] mkdir("./file2", 0777) = 0 [pid 5249] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5249] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./file2") = 0 [pid 5249] ioctl(4, LOOP_CLR_FD) = 0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5249] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5249] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] write(4, "\x00\x00", 2) = 2 [pid 5249] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5249] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5248] <... mmap resumed>) = 0x7f8041315000 [pid 5248] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5249] <... mmap resumed>) = 0x20000000 [pid 5248] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5250] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5250] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5250] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5249] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5249] <... futex resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x555555e366e0, 24) = 0 [pid 5251] chdir("./84") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5251] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5252 [pid 5251] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5252] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 52.443804][ T5249] loop0: detected capacity change from 0 to 256 [ 52.451416][ T5249] exfat: Deprecated parameter 'utf8' [ 52.460033][ T5249] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5252] munmap(0x7f8041316000, 131072) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file2", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5252] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file2") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5252] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5252] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] write(4, "\x00\x00", 2) = 2 [pid 5252] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5252] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5251] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5253], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5253 [pid 5251] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5253] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5253] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5252] <... mmap resumed>) = 0x20000000 [pid 5253] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5253] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5253] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5253] <... futex resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5254 ./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x555555e366e0, 24) = 0 [pid 5254] chdir("./85") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5254] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5255 [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5255] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5255] munmap(0x7f8041316000, 131072) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.512572][ T5252] loop0: detected capacity change from 0 to 256 [ 52.520129][ T5252] exfat: Deprecated parameter 'utf8' [ 52.528476][ T5252] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] mkdir("./file2", 0777) = 0 [pid 5255] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5255] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./file2") = 0 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5255] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5254] <... futex resumed>) = 0 [pid 5255] write(4, "\x00\x00", 2 [pid 5254] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... write resumed>) = 2 [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5254] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5255] <... mmap resumed>) = 0x20000000 [pid 5254] <... mprotect resumed>) = 0 [pid 5254] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5256], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5256 [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5255] <... futex resumed>) = 0 [pid 5256] set_robust_list(0x7f80413359e0, 24 [pid 5255] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... set_robust_list resumed>) = 0 [pid 5256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5256] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5256] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5256] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5255] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] exit_group(0) = ? [pid 5255] +++ exited with 0 +++ [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x555555e366e0, 24) = 0 [pid 5257] chdir("./86") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5257] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5258 [pid 5257] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5258] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5258] munmap(0x7f8041316000, 131072) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.571775][ T5255] loop0: detected capacity change from 0 to 256 [ 52.579476][ T5255] exfat: Deprecated parameter 'utf8' [ 52.587321][ T5255] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./file2", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5258] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file2") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5258] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5258] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] write(4, "\x00\x00", 2) = 2 [pid 5258] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5258] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5257] <... mmap resumed>) = 0x7f8041315000 [pid 5257] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5259], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5258] <... mmap resumed>) = 0x20000000 [pid 5257] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5259] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5259] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... futex resumed>) = 1 [pid 5259] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5259] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5259] <... futex resumed>) = 1 [pid 5259] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] exit_group(0) = ? [pid 5258] <... futex resumed>) = ? [pid 5259] <... futex resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5260 ./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x555555e366e0, 24) = 0 [pid 5260] chdir("./87") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5260] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5261] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... clone resumed>, parent_tid=[5261], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5261 [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5260] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5261] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5261] munmap(0x7f8041316000, 131072) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.631219][ T5258] loop0: detected capacity change from 0 to 256 [ 52.638628][ T5258] exfat: Deprecated parameter 'utf8' [ 52.646814][ T5258] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] close(3) = 0 [pid 5261] mkdir("./file2", 0777) = 0 [pid 5261] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5261] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5261] chdir("./file2") = 0 [pid 5261] ioctl(4, LOOP_CLR_FD) = 0 [pid 5261] close(4) = 0 [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 4 [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... openat resumed>) = 5 [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] write(4, "\x00\x00", 2 [pid 5260] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... write resumed>) = 2 [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5260] <... futex resumed>) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5261] <... mmap resumed>) = 0x20000000 [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... mmap resumed>) = 0x7f8041315000 [pid 5260] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5262] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... clone resumed>, parent_tid=[5262], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5262 [pid 5260] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5262] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5262] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5262] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5260] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5261] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5262] <... futex resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x555555e366d0) = 5263 [pid 5263] set_robust_list(0x555555e366e0, 24) = 0 [pid 5263] chdir("./88") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 52.700052][ T5261] loop0: detected capacity change from 0 to 256 [ 52.707513][ T5261] exfat: Deprecated parameter 'utf8' [ 52.715400][ T5261] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5263] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5264 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5264] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5264] munmap(0x7f8041316000, 131072) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file2", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5264] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file2") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] write(4, "\x00\x00", 2) = 2 [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5264] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5263] <... mmap resumed>) = 0x7f8041315000 [pid 5263] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5265], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5264] <... mmap resumed>) = 0x20000000 [pid 5263] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] openat(AT_FDCWD, "", O_RDONLY [pid 5264] <... futex resumed>) = 0 [pid 5265] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5265] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5265] <... futex resumed>) = 1 [pid 5265] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5264] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] exit_group(0) = ? [pid 5264] +++ exited with 0 +++ [pid 5265] <... futex resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x555555e366e0, 24) = 0 [pid 5266] chdir("./89") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5266] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7f80497369e0, 24 [pid 5266] <... clone resumed>, parent_tid=[5267], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5267 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] memfd_create("syzkaller", 0 [pid 5266] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5267] <... memfd_create resumed>) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5267] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5267] munmap(0x7f8041316000, 131072) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.792978][ T5264] loop0: detected capacity change from 0 to 256 [ 52.800716][ T5264] exfat: Deprecated parameter 'utf8' [ 52.809241][ T5264] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file2", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5267] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file2") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] write(4, "\x00\x00", 2) = 2 [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] <... mmap resumed>) = 0x7f8041315000 [pid 5267] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5266] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5268], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5267] <... mmap resumed>) = 0x20000000 [pid 5266] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5268] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5268] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5267] getdents64(-1, [pid 5266] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5267] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5268] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.865903][ T5267] loop0: detected capacity change from 0 to 256 [ 52.873121][ T5267] exfat: Deprecated parameter 'utf8' [ 52.881756][ T5267] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x555555e366e0, 24) = 0 [pid 5269] chdir("./90") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5269] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5270 attached , parent_tid=[5270], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5270 [pid 5270] set_robust_list(0x7f80497369e0, 24 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... set_robust_list resumed>) = 0 [pid 5269] <... futex resumed>) = 0 [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5269] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5270] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5270] munmap(0x7f8041316000, 131072) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file2", 0777) = 0 [pid 5270] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5270] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file2") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] write(4, "\x00\x00", 2) = 2 [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5270] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5269] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5271], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5270] <... mmap resumed>) = 0x20000000 [pid 5269] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5271] openat(AT_FDCWD, "", O_RDONLY [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [pid 5271] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5270] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] exit_group(0) = ? [pid 5271] <... futex resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555555e366e0, 24) = 0 [pid 5272] chdir("./91") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5272] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5273 attached , parent_tid=[5273], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5273 [pid 5273] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5273] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] memfd_create("syzkaller", 0 [pid 5272] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] <... memfd_create resumed>) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5273] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5273] munmap(0x7f8041316000, 131072) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.956089][ T5270] loop0: detected capacity change from 0 to 256 [ 52.963257][ T5270] exfat: Deprecated parameter 'utf8' [ 52.971594][ T5270] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file2", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5273] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file2") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... openat resumed>) = 4 [pid 5273] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5272] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... openat resumed>) = 5 [pid 5273] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] write(4, "\x00\x00", 2 [pid 5272] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... write resumed>) = 2 [pid 5273] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5272] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5274], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5274 [pid 5272] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5274] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5273] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5274] <... openat resumed>) = 6 [pid 5274] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [pid 5274] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5274] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = 1 [pid 5274] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... mmap resumed>) = 0x20000000 [pid 5273] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] exit_group(0) = ? [pid 5274] <... futex resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 [ 53.036765][ T5273] loop0: detected capacity change from 0 to 256 [ 53.044611][ T5273] exfat: Deprecated parameter 'utf8' [ 53.052572][ T5273] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555555e366e0, 24) = 0 [pid 5275] chdir("./92") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5275] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x7f80497369e0, 24 [pid 5275] <... clone resumed>, parent_tid=[5276], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5276 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5276] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5276] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5276] munmap(0x7f8041316000, 131072) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file2", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5276] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file2") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] write(4, "\x00\x00", 2) = 2 [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5275] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5276] <... mmap resumed>) = 0x20000000 [pid 5275] <... mprotect resumed>) = 0 [pid 5275] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5277], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5277 [pid 5275] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x7f80413359e0, 24 [pid 5276] <... futex resumed>) = 0 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5277] openat(AT_FDCWD, "", O_RDONLY [pid 5276] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5277] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] <... futex resumed>) = 1 [pid 5277] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5276] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] exit_group(0) = ? [pid 5276] <... futex resumed>) = ? [pid 5277] <... futex resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5278] set_robust_list(0x555555e366e0, 24) = 0 [pid 5278] chdir("./93") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5278] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5279] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... clone resumed>, parent_tid=[5279], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5279 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5278] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5279] munmap(0x7f8041316000, 131072) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.131295][ T5276] loop0: detected capacity change from 0 to 256 [ 53.139580][ T5276] exfat: Deprecated parameter 'utf8' [ 53.147319][ T5276] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file2", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5279] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file2") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] write(4, "\x00\x00", 2) = 2 [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5278] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5279] <... mmap resumed>) = 0x20000000 [pid 5278] <... mprotect resumed>) = 0 [pid 5278] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5280], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5280 [pid 5278] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5280 attached [pid 5279] <... futex resumed>) = 0 [pid 5280] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5280] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5280] openat(AT_FDCWD, "", O_RDONLY [pid 5279] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5280] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5279] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0) = ? [pid 5279] <... futex resumed>) = ? [pid 5280] <... futex resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555555e366e0, 24) = 0 [pid 5281] chdir("./94") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5281] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5282 attached [pid 5282] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5282] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... clone resumed>, parent_tid=[5282], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5282 [pid 5281] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5282] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5282] munmap(0x7f8041316000, 131072) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.204857][ T5279] loop0: detected capacity change from 0 to 256 [ 53.212728][ T5279] exfat: Deprecated parameter 'utf8' [ 53.220681][ T5279] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file2", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5282] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file2") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5282] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5282] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] write(4, "\x00\x00", 2) = 2 [pid 5282] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5281] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5282] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5281] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5283], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5283 [pid 5281] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5283 attached [pid 5283] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5283] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5283] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 1 [pid 5283] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5283] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5283] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... mmap resumed>) = 0x20000000 [pid 5282] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] exit_group(0) = ? [pid 5283] <... futex resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] <... futex resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5284 ./strace-static-x86_64: Process 5284 attached [pid 5284] set_robust_list(0x555555e366e0, 24) = 0 [pid 5284] chdir("./95") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5284] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5285], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5285 [pid 5284] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5285 attached [pid 5285] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5285] memfd_create("syzkaller", 0) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5285] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 53.271990][ T5282] loop0: detected capacity change from 0 to 256 [ 53.279860][ T5282] exfat: Deprecated parameter 'utf8' [ 53.287495][ T5282] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5285] munmap(0x7f8041316000, 131072) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] mkdir("./file2", 0777) = 0 [pid 5285] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5285] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5285] chdir("./file2") = 0 [pid 5285] ioctl(4, LOOP_CLR_FD) = 0 [pid 5285] close(4) = 0 [pid 5285] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5285] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5285] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] write(4, "\x00\x00", 2) = 2 [pid 5285] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5284] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5286], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5286 [pid 5284] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5286] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5285] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5286] <... openat resumed>) = 6 [pid 5286] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... futex resumed>) = 1 [pid 5285] <... mmap resumed>) = 0x20000000 [pid 5286] getdents64(6, [pid 5285] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... getdents64 resumed>NULL, 32776) = -1 EFAULT (Bad address) [pid 5286] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] exit_group(0) = ? [pid 5286] <... futex resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x555555e366e0, 24) = 0 [pid 5287] chdir("./96") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5287 [pid 5287] <... futex resumed>) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5287] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5288 [pid 5287] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5288] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5288] munmap(0x7f8041316000, 131072) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.328860][ T5285] loop0: detected capacity change from 0 to 256 [ 53.336159][ T5285] exfat: Deprecated parameter 'utf8' [ 53.344235][ T5285] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./file2", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5288] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file2") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5287] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... openat resumed>) = 4 [pid 5288] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5288] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] write(4, "\x00\x00", 2) = 2 [pid 5288] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5288] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5287] <... mmap resumed>) = 0x7f8041315000 [pid 5287] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5289], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5289 [pid 5287] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5289] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5289] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... futex resumed>) = 1 [pid 5288] <... mmap resumed>) = 0x20000000 [pid 5289] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5289] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5289] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] exit_group(0) = ? [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5289] <... futex resumed>) = ? [pid 5289] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 53.397577][ T5288] loop0: detected capacity change from 0 to 256 [ 53.405037][ T5288] exfat: Deprecated parameter 'utf8' [ 53.413042][ T5288] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached , child_tidptr=0x555555e366d0) = 5290 [pid 5290] set_robust_list(0x555555e366e0, 24) = 0 [pid 5290] chdir("./97") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5290] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5291 attached , parent_tid=[5291], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5291 [pid 5291] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5290] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5291] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5291] munmap(0x7f8041316000, 131072) = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] mkdir("./file2", 0777) = 0 [pid 5291] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5291] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file2") = 0 [pid 5291] ioctl(4, LOOP_CLR_FD) = 0 [pid 5291] close(4) = 0 [pid 5291] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5291] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5291] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] write(4, "\x00\x00", 2) = 2 [pid 5291] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5290] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5292], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5292 [pid 5290] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5291] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5292] <... openat resumed>) = 6 [pid 5292] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5291] <... mmap resumed>) = 0x20000000 [pid 5292] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5292] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5292] <... futex resumed>) = 1 [pid 5292] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] exit_group(0) = ? [pid 5292] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] <... futex resumed>) = ? [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555555e366e0, 24) = 0 [pid 5293] chdir("./98") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5293] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5294 attached [pid 5294] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... clone resumed>, parent_tid=[5294], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5294 [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [ 53.492207][ T5291] loop0: detected capacity change from 0 to 256 [ 53.500406][ T5291] exfat: Deprecated parameter 'utf8' [ 53.508347][ T5291] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5294] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5294] munmap(0x7f8041316000, 131072) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file2", 0777) = 0 [pid 5294] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file2") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5293] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5293] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 5 [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] write(4, "\x00\x00", 2) = 2 [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5293] <... futex resumed>) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5294] <... mmap resumed>) = 0x20000000 [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... mmap resumed>) = 0x7f8041315000 [pid 5293] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x7f80413359e0, 24 [pid 5293] <... clone resumed>, parent_tid=[5295], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5295 [pid 5295] <... set_robust_list resumed>) = 0 [pid 5295] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5295] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5293] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5295] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] getdents64(-1, [pid 5293] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... getdents64 resumed>NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5294] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0 [pid 5294] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5295] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached , child_tidptr=0x555555e366d0) = 5296 [pid 5296] set_robust_list(0x555555e366e0, 24) = 0 [pid 5296] chdir("./99") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5296] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached , parent_tid=[5297], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5297 [pid 5297] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5297] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5296] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5297] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5297] munmap(0x7f8041316000, 131072) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.577390][ T5294] loop0: detected capacity change from 0 to 256 [ 53.585740][ T5294] exfat: Deprecated parameter 'utf8' [ 53.593891][ T5294] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file2", 0777) = 0 [pid 5297] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5297] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file2") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5297] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5296] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... openat resumed>) = 5 [pid 5297] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] write(4, "\x00\x00", 2) = 2 [pid 5297] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5297] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5296] <... mmap resumed>) = 0x7f8041315000 [pid 5296] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5298 [pid 5296] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5298] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5298] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 1 [pid 5297] <... mmap resumed>) = 0x20000000 [pid 5298] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5298] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5298] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5296] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 [ 53.645932][ T5297] loop0: detected capacity change from 0 to 256 [ 53.653922][ T5297] exfat: Deprecated parameter 'utf8' [ 53.662083][ T5297] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x555555e366e0, 24) = 0 [pid 5299] chdir("./100") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5299] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5300], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5300 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5300] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5300] munmap(0x7f8041316000, 131072) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./file2", 0777) = 0 [pid 5300] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5300] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file2") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... openat resumed>) = 4 [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] write(4, "\x00\x00", 2) = 2 [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5299] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5300] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5299] <... mprotect resumed>) = 0 [pid 5299] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5301], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5301 ./strace-static-x86_64: Process 5301 attached [pid 5300] <... mmap resumed>) = 0x20000000 [pid 5299] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5301] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5301] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... futex resumed>) = 1 [pid 5301] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5300] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] exit_group(0) = ? [pid 5301] <... futex resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x555555e366e0, 24) = 0 [pid 5302] chdir("./101") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5302] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5302] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5303], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5303 [pid 5302] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5303] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5303] munmap(0x7f8041316000, 131072) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.714150][ T5300] loop0: detected capacity change from 0 to 256 [ 53.721643][ T5300] exfat: Deprecated parameter 'utf8' [ 53.729568][ T5300] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] mkdir("./file2", 0777) = 0 [pid 5303] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5303] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file2") = 0 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5303] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5303] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] write(4, "\x00\x00", 2) = 2 [pid 5303] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5303] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5302] <... mmap resumed>) = 0x7f8041315000 [pid 5302] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5304], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5304 [pid 5302] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5304 attached [pid 5303] <... mmap resumed>) = 0x20000000 [pid 5304] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5304] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5304] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5304] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 1 [pid 5304] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5304] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5304] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] exit_group(0 [pid 5303] <... futex resumed>) = ? [pid 5302] <... exit_group resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5304] <... futex resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x555555e366e0, 24 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5305 [pid 5305] <... set_robust_list resumed>) = 0 [pid 5305] chdir("./102") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5305] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5306 attached [pid 5306] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5306] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... clone resumed>, parent_tid=[5306], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5306 [pid 5305] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5306] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5306] munmap(0x7f8041316000, 131072) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.780231][ T5303] loop0: detected capacity change from 0 to 256 [ 53.788352][ T5303] exfat: Deprecated parameter 'utf8' [ 53.795983][ T5303] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./file2", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5306] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file2") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5306] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5306] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] write(4, "\x00\x00", 2) = 2 [pid 5306] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5305] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5306] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5305] <... mprotect resumed>) = 0 [pid 5305] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5307], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5307 ./strace-static-x86_64: Process 5307 attached [pid 5306] <... mmap resumed>) = 0x20000000 [pid 5305] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5307] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5307] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... futex resumed>) = 1 [pid 5307] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5307] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5307] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] exit_group(0) = ? [pid 5306] <... futex resumed>) = ? [pid 5306] +++ exited with 0 +++ [pid 5307] <... futex resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5308 ./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555555e366e0, 24) = 0 [pid 5308] chdir("./103") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5308] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5309], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5309 [pid 5308] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5309] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5309] munmap(0x7f8041316000, 131072) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.850624][ T5306] loop0: detected capacity change from 0 to 256 [ 53.858605][ T5306] exfat: Deprecated parameter 'utf8' [ 53.866450][ T5306] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file2", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5309] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file2") = 0 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5309] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5309] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] write(4, "\x00\x00", 2) = 2 [pid 5309] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5309] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5308] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5310], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5310 ./strace-static-x86_64: Process 5310 attached [pid 5309] <... mmap resumed>) = 0x20000000 [pid 5308] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5310] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5310] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5310] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5310] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] exit_group(0) = ? [pid 5310] <... futex resumed>) = ? [pid 5309] <... futex resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached , child_tidptr=0x555555e366d0) = 5311 [pid 5311] set_robust_list(0x555555e366e0, 24) = 0 [pid 5311] chdir("./104") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5311] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5312] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... clone resumed>, parent_tid=[5312], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5312 [pid 5311] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5312] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5312] munmap(0x7f8041316000, 131072) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.909293][ T5309] loop0: detected capacity change from 0 to 256 [ 53.916677][ T5309] exfat: Deprecated parameter 'utf8' [ 53.924894][ T5309] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./file2", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5312] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file2") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... openat resumed>) = 4 [pid 5312] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5312] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] write(4, "\x00\x00", 2) = 2 [pid 5312] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5312] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5311] <... mmap resumed>) = 0x7f8041315000 [pid 5311] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5313], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5313 [pid 5311] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5313] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5313] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5312] <... mmap resumed>) = 0x20000000 [pid 5313] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5313] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] exit_group(0 [pid 5312] <... futex resumed>) = ? [pid 5311] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5313] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5314 ./strace-static-x86_64: Process 5314 attached [pid 5314] set_robust_list(0x555555e366e0, 24) = 0 [pid 5314] chdir("./105") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5314] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5315], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5315 [pid 5314] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5315] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5315] munmap(0x7f8041316000, 131072) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.980636][ T5312] loop0: detected capacity change from 0 to 256 [ 53.988305][ T5312] exfat: Deprecated parameter 'utf8' [ 53.995981][ T5312] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] close(3) = 0 [pid 5315] mkdir("./file2", 0777) = 0 [pid 5315] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5315] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./file2") = 0 [pid 5315] ioctl(4, LOOP_CLR_FD) = 0 [pid 5315] close(4) = 0 [pid 5315] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5315] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5315] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] write(4, "\x00\x00", 2) = 2 [pid 5315] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5315] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5314] <... mmap resumed>) = 0x7f8041315000 [pid 5314] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5316], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5316 [pid 5314] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5316] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5315] <... mmap resumed>) = 0x20000000 [pid 5316] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 1 [pid 5316] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5316] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5316] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] exit_group(0) = ? [pid 5316] <... futex resumed>) = ? [pid 5315] <... futex resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x555555e366e0, 24) = 0 [pid 5317] chdir("./106") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5317] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5318], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5318 [pid 5317] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5318] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5318] munmap(0x7f8041316000, 131072) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.036243][ T5315] loop0: detected capacity change from 0 to 256 [ 54.043597][ T5315] exfat: Deprecated parameter 'utf8' [ 54.051626][ T5315] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file2", 0777) = 0 [pid 5318] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5318] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file2") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5318] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5318] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] write(4, "\x00\x00", 2) = 2 [pid 5318] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5318] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5317] <... mmap resumed>) = 0x7f8041315000 [pid 5317] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5319], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5319 [pid 5317] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5319] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5319] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... futex resumed>) = 1 [pid 5318] <... mmap resumed>) = 0x20000000 [pid 5319] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5319] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5319] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0) = ? [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5319] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x555555e366e0, 24) = 0 [pid 5320] chdir("./107" [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5320 [pid 5320] <... chdir resumed>) = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [ 54.096413][ T5318] loop0: detected capacity change from 0 to 256 [ 54.104679][ T5318] exfat: Deprecated parameter 'utf8' [ 54.119381][ T5318] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5320] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5321 attached [pid 5321] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5321] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... clone resumed>, parent_tid=[5321], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5321 [pid 5320] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5321] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5321] munmap(0x7f8041316000, 131072) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./file2", 0777) = 0 [pid 5321] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5321] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file2") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5321] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5321] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] write(4, "\x00\x00", 2) = 2 [pid 5321] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5320] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5321] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5320] <... mprotect resumed>) = 0 [pid 5320] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5322], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5322 [pid 5320] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5322] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5322] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... futex resumed>) = 1 [pid 5322] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5322] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5322] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... mmap resumed>) = 0x20000000 [pid 5321] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] exit_group(0 [pid 5321] <... futex resumed>) = ? [pid 5320] <... exit_group resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5322] <... futex resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 [ 54.182988][ T5321] loop0: detected capacity change from 0 to 256 [ 54.191162][ T5321] exfat: Deprecated parameter 'utf8' [ 54.199184][ T5321] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5323 ./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x555555e366e0, 24) = 0 [pid 5323] chdir("./108") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5323] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5324], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5324 [pid 5323] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5324] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5324] munmap(0x7f8041316000, 131072) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./file2", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5324] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file2") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5324] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5324] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] write(4, "\x00\x00", 2) = 2 [pid 5324] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5324] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5323] <... mmap resumed>) = 0x7f8041315000 [pid 5323] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5325], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5325 ./strace-static-x86_64: Process 5325 attached [pid 5324] <... mmap resumed>) = 0x20000000 [pid 5323] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5325] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5325] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5325] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... futex resumed>) = 1 [pid 5324] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5325] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0) = ? [pid 5325] <... futex resumed>) = ? [pid 5325] +++ exited with 0 +++ [pid 5324] <... futex resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5326 attached , child_tidptr=0x555555e366d0) = 5326 [pid 5326] set_robust_list(0x555555e366e0, 24) = 0 [pid 5326] chdir("./109") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5326] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5327], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5327 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5327] memfd_create("syzkaller", 0) = 3 [pid 5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5327] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5327] munmap(0x7f8041316000, 131072) = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.241169][ T5324] loop0: detected capacity change from 0 to 256 [ 54.248635][ T5324] exfat: Deprecated parameter 'utf8' [ 54.256564][ T5324] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] close(3) = 0 [pid 5327] mkdir("./file2", 0777) = 0 [pid 5327] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5327] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5327] chdir("./file2") = 0 [pid 5327] ioctl(4, LOOP_CLR_FD) = 0 [pid 5327] close(4) = 0 [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] write(4, "\x00\x00", 2) = 2 [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5327] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5326] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5328], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5328 ./strace-static-x86_64: Process 5328 attached [pid 5327] <... mmap resumed>) = 0x20000000 [pid 5326] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5328] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5328] openat(AT_FDCWD, "", O_RDONLY [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5328] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... futex resumed>) = 1 [pid 5328] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] <... futex resumed>) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5327] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5327] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] exit_group(0) = ? [pid 5328] <... futex resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5326, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached [ 54.309013][ T5327] loop0: detected capacity change from 0 to 256 [ 54.316921][ T5327] exfat: Deprecated parameter 'utf8' [ 54.324885][ T5327] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5329] set_robust_list(0x555555e366e0, 24 [pid 4997] <... clone resumed>, child_tidptr=0x555555e366d0) = 5329 [pid 5329] <... set_robust_list resumed>) = 0 [pid 5329] chdir("./110") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5329] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5330] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... clone resumed>, parent_tid=[5330], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5330 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5330] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5330] munmap(0x7f8041316000, 131072) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file2", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5330] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file2") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] write(4, "\x00\x00", 2) = 2 [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5329] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5329] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5331], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5330] <... mmap resumed>) = 0x20000000 [pid 5329] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5331] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... futex resumed>) = 1 [pid 5331] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] <... futex resumed>) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5330] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] exit_group(0) = ? [pid 5331] <... futex resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x555555e366e0, 24) = 0 [pid 5332] chdir("./111") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5332] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5333], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5333 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5333 attached [pid 5333] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5333] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5333] munmap(0x7f8041316000, 131072) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.397787][ T5330] loop0: detected capacity change from 0 to 256 [ 54.405674][ T5330] exfat: Deprecated parameter 'utf8' [ 54.413872][ T5330] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./file2", 0777) = 0 [pid 5333] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5333] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file2") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 0 [pid 5333] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] write(4, "\x00\x00", 2) = 2 [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5332] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5333] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5332] <... mprotect resumed>) = 0 [pid 5332] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5334], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5333] <... mmap resumed>) = 0x20000000 [pid 5332] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5334] openat(AT_FDCWD, "", O_RDONLY [pid 5333] <... futex resumed>) = 0 [pid 5334] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5334] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... futex resumed>) = 1 [pid 5334] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5333] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] exit_group(0) = ? [pid 5334] <... futex resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5333] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x555555e366e0, 24) = 0 [pid 5335] chdir("./112") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5335] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5336], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5336 [pid 5335] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5336 attached [pid 5336] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5336] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5336] munmap(0x7f8041316000, 131072) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.459939][ T5333] loop0: detected capacity change from 0 to 256 [ 54.468150][ T5333] exfat: Deprecated parameter 'utf8' [ 54.475862][ T5333] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file2", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5336] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file2") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5336] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5336] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] write(4, "\x00\x00", 2) = 2 [pid 5336] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5336] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5335] <... mmap resumed>) = 0x7f8041315000 [pid 5335] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5337], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5336] <... mmap resumed>) = 0x20000000 [pid 5335] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5337] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5337] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... futex resumed>) = 1 [pid 5337] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5337] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5337] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] exit_group(0) = ? [pid 5337] <... futex resumed>) = ? [pid 5336] <... futex resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x555555e366e0, 24) = 0 [pid 5338] chdir("./113") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5338] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached [pid 5339] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5339] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... clone resumed>, parent_tid=[5339], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5339 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5339] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5339] munmap(0x7f8041316000, 131072) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.516344][ T5336] loop0: detected capacity change from 0 to 256 [ 54.524311][ T5336] exfat: Deprecated parameter 'utf8' [ 54.532640][ T5336] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file2", 0777) = 0 [pid 5339] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5339] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file2") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... openat resumed>) = 4 [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] write(4, "\x00\x00", 2) = 2 [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5339] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5338] <... mmap resumed>) = 0x7f8041315000 [pid 5338] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5340], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5340 ./strace-static-x86_64: Process 5340 attached [pid 5339] <... mmap resumed>) = 0x20000000 [pid 5338] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5340] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5340] openat(AT_FDCWD, "", O_RDONLY [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5340] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... futex resumed>) = 1 [pid 5340] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5339] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] exit_group(0 [pid 5339] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... exit_group resumed>) = ? [pid 5339] <... futex resumed>) = ? [pid 5340] <... futex resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x555555e366d0) = 5341 [pid 5341] set_robust_list(0x555555e366e0, 24) = 0 [pid 5341] chdir("./114") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5341] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5342 attached , parent_tid=[5342], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5342 [pid 5342] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5342] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] memfd_create("syzkaller", 0) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5342] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5342] munmap(0x7f8041316000, 131072) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.585446][ T5339] loop0: detected capacity change from 0 to 256 [ 54.593013][ T5339] exfat: Deprecated parameter 'utf8' [ 54.600946][ T5339] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file2", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5342] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file2") = 0 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] write(4, "\x00\x00", 2) = 2 [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5342] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5341] <... mmap resumed>) = 0x7f8041315000 [pid 5341] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5343], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5342] <... mmap resumed>) = 0x20000000 [pid 5341] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] set_robust_list(0x7f80413359e0, 24 [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5343] openat(AT_FDCWD, "", O_RDONLY [pid 5342] <... futex resumed>) = 0 [pid 5343] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5343] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5342] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] exit_group(0) = ? [pid 5343] <... futex resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached , child_tidptr=0x555555e366d0) = 5344 [pid 5344] set_robust_list(0x555555e366e0, 24) = 0 [pid 5344] chdir("./115") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5344] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5345 attached [pid 5345] set_robust_list(0x7f80497369e0, 24 [pid 5344] <... clone resumed>, parent_tid=[5345], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5345 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5345] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5345] munmap(0x7f8041316000, 131072) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.662836][ T5342] loop0: detected capacity change from 0 to 256 [ 54.671164][ T5342] exfat: Deprecated parameter 'utf8' [ 54.679032][ T5342] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file2", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5345] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file2") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] write(4, "\x00\x00", 2) = 2 [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5345] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5344] <... mmap resumed>) = 0x7f8041315000 [pid 5344] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5346], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5346 ./strace-static-x86_64: Process 5346 attached [pid 5345] <... mmap resumed>) = 0x20000000 [pid 5344] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5346] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5346] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... futex resumed>) = 1 [pid 5346] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... futex resumed>) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5345] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5345] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] exit_group(0 [pid 5345] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... exit_group resumed>) = ? [pid 5345] <... futex resumed>) = ? [pid 5346] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 54.740029][ T5345] loop0: detected capacity change from 0 to 256 [ 54.747356][ T5345] exfat: Deprecated parameter 'utf8' [ 54.755529][ T5345] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5347 ./strace-static-x86_64: Process 5347 attached [pid 5347] set_robust_list(0x555555e366e0, 24) = 0 [pid 5347] chdir("./116") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5347] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5348], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5348 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5348] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5348] munmap(0x7f8041316000, 131072) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file2", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5348] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file2") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 0 [pid 5348] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... openat resumed>) = 5 [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] write(4, "\x00\x00", 2) = 2 [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5348] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5347] <... mmap resumed>) = 0x7f8041315000 [pid 5347] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5349], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5348] <... mmap resumed>) = 0x20000000 [pid 5347] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5349] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5349] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... futex resumed>) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5348] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] exit_group(0 [pid 5348] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... exit_group resumed>) = ? [pid 5349] <... futex resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] <... futex resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x555555e366d0) = 5350 [pid 5350] set_robust_list(0x555555e366e0, 24) = 0 [pid 5350] chdir("./117") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5350] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5351], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5351 ./strace-static-x86_64: Process 5351 attached [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] set_robust_list(0x7f80497369e0, 24 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5351] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5351] munmap(0x7f8041316000, 131072) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.796734][ T5348] loop0: detected capacity change from 0 to 256 [ 54.804023][ T5348] exfat: Deprecated parameter 'utf8' [ 54.812290][ T5348] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file2", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5351] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file2") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5351] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5350] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... openat resumed>) = 4 [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] write(4, "\x00\x00", 2) = 2 [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5351] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5350] <... mmap resumed>) = 0x7f8041315000 [pid 5350] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5351] <... mmap resumed>) = 0x20000000 [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... mprotect resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5350] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5351] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... clone resumed>, parent_tid=[5352], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5352 [pid 5350] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5352] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5352] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 0 [pid 5351] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5351] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] exit_group(0 [pid 5351] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... exit_group resumed>) = ? [pid 5352] <... futex resumed>) = ? [pid 5351] <... futex resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x555555e366e0, 24) = 0 [pid 5353] chdir("./118") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5353] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5354] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... clone resumed>, parent_tid=[5354], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5354 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5354] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5354] munmap(0x7f8041316000, 131072) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.874711][ T5351] loop0: detected capacity change from 0 to 256 [ 54.883311][ T5351] exfat: Deprecated parameter 'utf8' [ 54.891100][ T5351] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file2", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5354] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file2") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] write(4, "\x00\x00", 2) = 2 [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5354] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5353] <... mmap resumed>) = 0x7f8041315000 [pid 5353] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5355], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5355 ./strace-static-x86_64: Process 5355 attached [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5353] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5355] openat(AT_FDCWD, "", O_RDONLY [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5355] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5354] <... futex resumed>) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5354] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5354] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] exit_group(0) = ? [pid 5355] <... futex resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x555555e366e0, 24) = 0 [pid 5356] chdir("./119") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5356] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5357], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5357 [pid 5356] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5357 attached [pid 5357] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5357] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5357] munmap(0x7f8041316000, 131072) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.948303][ T5354] loop0: detected capacity change from 0 to 256 [ 54.956018][ T5354] exfat: Deprecated parameter 'utf8' [ 54.964133][ T5354] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file2", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5357] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file2") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5357] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5357] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] write(4, "\x00\x00", 2) = 2 [pid 5357] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5357] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5356] <... mmap resumed>) = 0x7f8041315000 [pid 5356] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5358], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5358 [pid 5356] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5358] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5357] <... mmap resumed>) = 0x20000000 [pid 5358] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... futex resumed>) = 1 [pid 5358] getdents64(6, NULL, 32776) = -1 EFAULT (Bad address) [pid 5358] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5358] <... futex resumed>) = 1 [pid 5358] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] exit_group(0) = ? [pid 5357] <... futex resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5358] <... futex resumed>) = ? [pid 5358] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555555e366e0, 24) = 0 [pid 5359] chdir("./120") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5359] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5360], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5360 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5360] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 55.011878][ T5357] loop0: detected capacity change from 0 to 256 [ 55.019948][ T5357] exfat: Deprecated parameter 'utf8' [ 55.028277][ T5357] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5360] munmap(0x7f8041316000, 131072) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file2", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5360] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file2") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] write(4, "\x00\x00", 2) = 2 [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5360] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5359] <... mmap resumed>) = 0x7f8041315000 [pid 5359] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5361], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5361 ./strace-static-x86_64: Process 5361 attached [pid 5360] <... mmap resumed>) = 0x20000000 [pid 5359] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5361] openat(AT_FDCWD, "", O_RDONLY [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5361] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... futex resumed>) = 1 [pid 5361] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5360] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] exit_group(0) = ? [pid 5361] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5362 attached , child_tidptr=0x555555e366d0) = 5362 [pid 5362] set_robust_list(0x555555e366e0, 24) = 0 [pid 5362] chdir("./121") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5362] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5363 attached [pid 5363] set_robust_list(0x7f80497369e0, 24 [pid 5362] <... clone resumed>, parent_tid=[5363], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5363 [pid 5363] <... set_robust_list resumed>) = 0 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] memfd_create("syzkaller", 0) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5363] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5363] munmap(0x7f8041316000, 131072) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.068313][ T5360] loop0: detected capacity change from 0 to 256 [ 55.075600][ T5360] exfat: Deprecated parameter 'utf8' [ 55.083921][ T5360] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file2", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5363] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file2") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] write(4, "\x00\x00", 2 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... write resumed>) = 2 [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5363] <... mmap resumed>) = 0x20000000 [pid 5362] <... mmap resumed>) = 0x7f8041315000 [pid 5362] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... mprotect resumed>) = 0 [pid 5362] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5363] <... futex resumed>) = 0 [pid 5362] <... clone resumed>, parent_tid=[5364], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5364 [pid 5362] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5363] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5364] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... futex resumed>) = 1 [pid 5364] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... futex resumed>) = 0 [pid 5363] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5363] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] exit_group(0) = ? [pid 5364] <... futex resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x555555e366e0, 24) = 0 [pid 5365] chdir("./122") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5365] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5366 attached , parent_tid=[5366], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5366 [pid 5366] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5366] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5366] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5366] munmap(0x7f8041316000, 131072) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.135964][ T5363] loop0: detected capacity change from 0 to 256 [ 55.144279][ T5363] exfat: Deprecated parameter 'utf8' [ 55.152248][ T5363] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file2", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5366] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file2") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] write(4, "\x00\x00", 2) = 2 [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5365] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5366] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5365] <... mprotect resumed>) = 0 [pid 5365] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5367], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5367 ./strace-static-x86_64: Process 5367 attached [pid 5366] <... mmap resumed>) = 0x20000000 [pid 5365] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5367] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5367] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5367] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... futex resumed>) = 1 [pid 5367] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... futex resumed>) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5366] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] exit_group(0) = ? [pid 5367] <... futex resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x555555e366e0, 24) = 0 [pid 5368] chdir("./123") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5368] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5369], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5369 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [ 55.214196][ T5366] loop0: detected capacity change from 0 to 256 [ 55.222250][ T5366] exfat: Deprecated parameter 'utf8' [ 55.230147][ T5366] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5369] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5369] munmap(0x7f8041316000, 131072) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file2", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5369] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file2") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] write(4, "\x00\x00", 2) = 2 [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5369] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5368] <... mmap resumed>) = 0x7f8041315000 [pid 5368] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5370], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5368] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5370] openat(AT_FDCWD, "", O_RDONLY [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5370] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... futex resumed>) = 1 [pid 5370] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... futex resumed>) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5369] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5369] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] exit_group(0) = ? [pid 5370] <... futex resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x555555e366d0) = 5371 [pid 5371] set_robust_list(0x555555e366e0, 24) = 0 [pid 5371] chdir("./124") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5371] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5372] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... clone resumed>, parent_tid=[5372], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5372 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] memfd_create("syzkaller", 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] <... memfd_create resumed>) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5372] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5372] munmap(0x7f8041316000, 131072) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.271687][ T5369] loop0: detected capacity change from 0 to 256 [ 55.279521][ T5369] exfat: Deprecated parameter 'utf8' [ 55.287400][ T5369] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file2", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5372] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file2") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] write(4, "\x00\x00", 2) = 2 [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5372] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5371] <... mmap resumed>) = 0x7f8041315000 [pid 5371] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5373], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5373 ./strace-static-x86_64: Process 5373 attached [pid 5372] <... mmap resumed>) = 0x20000000 [pid 5371] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5373] openat(AT_FDCWD, "", O_RDONLY [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5373] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5372] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5372] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] exit_group(0) = ? [pid 5373] <... futex resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5374 ./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x555555e366e0, 24) = 0 [pid 5374] chdir("./125") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5374] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5375 attached , parent_tid=[5375], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5375 [pid 5375] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5375] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5375] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5375] munmap(0x7f8041316000, 131072) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.340431][ T5372] loop0: detected capacity change from 0 to 256 [ 55.348498][ T5372] exfat: Deprecated parameter 'utf8' [ 55.356224][ T5372] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file2", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5375] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file2") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... openat resumed>) = 4 [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] write(4, "\x00\x00", 2) = 2 [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5375] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5374] <... mmap resumed>) = 0x7f8041315000 [pid 5374] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5376], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5376 ./strace-static-x86_64: Process 5376 attached [pid 5375] <... mmap resumed>) = 0x20000000 [pid 5374] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5376] openat(AT_FDCWD, "", O_RDONLY [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5376] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] <... futex resumed>) = 1 [pid 5376] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5375] <... futex resumed>) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5375] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] exit_group(0) = ? [pid 5376] <... futex resumed>) = ? [pid 5375] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5374, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5377 ./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x555555e366e0, 24) = 0 [pid 5377] chdir("./126") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5377] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5378 attached [pid 5378] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5378] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... clone resumed>, parent_tid=[5378], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5378 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [ 55.409272][ T5375] loop0: detected capacity change from 0 to 256 [ 55.417221][ T5375] exfat: Deprecated parameter 'utf8' [ 55.425081][ T5375] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5378] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5378] munmap(0x7f8041316000, 131072) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file2", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5378] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file2") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] write(4, "\x00\x00", 2) = 2 [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5377] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5379], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5379 [pid 5377] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5379] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5379] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5379] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 0 [pid 5378] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5378] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] exit_group(0) = ? [pid 5378] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5379] <... futex resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x555555e366e0, 24) = 0 [pid 5380] chdir("./127") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5380] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5381 attached , parent_tid=[5381], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5381 [pid 5381] set_robust_list(0x7f80497369e0, 24) = 0 [pid 5381] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5381] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5381] munmap(0x7f8041316000, 131072) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.468148][ T5378] loop0: detected capacity change from 0 to 256 [ 55.475798][ T5378] exfat: Deprecated parameter 'utf8' [ 55.484009][ T5378] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file2", 0777) = 0 [pid 5381] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5381] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file2") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5381] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5381] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] write(4, "\x00\x00", 2) = 2 [pid 5381] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5381] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5380] <... mmap resumed>) = 0x7f8041315000 [pid 5380] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5382], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5382 ./strace-static-x86_64: Process 5382 attached [pid 5381] <... mmap resumed>) = 0x20000000 [pid 5380] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5382] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5382] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... futex resumed>) = 1 [pid 5382] getdents64(-1, NULL, 32776) = -1 EBADF (Bad file descriptor) [pid 5382] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5382] <... futex resumed>) = 1 [pid 5382] futex(0x7f80498107b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f80498107a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] exit_group(0 [pid 5382] <... futex resumed>) = ? [pid 5380] <... exit_group resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5381] <... futex resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e37720 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3f760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3f760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file2") = 0 getdents64(3, 0x555555e37720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e366d0) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x555555e366e0, 24) = 0 [pid 5383] chdir("./128") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8049716000 [pid 5383] mprotect(0x7f8049717000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7f80497362f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5384 attached , parent_tid=[5384], tls=0x7f8049736700, child_tidptr=0x7f80497369d0) = 5384 [pid 5384] set_robust_list(0x7f80497369e0, 24 [pid 5383] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... set_robust_list resumed>) = 0 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8041316000 [pid 5384] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5384] munmap(0x7f8041316000, 131072) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.528082][ T5381] loop0: detected capacity change from 0 to 256 [ 55.535486][ T5381] exfat: Deprecated parameter 'utf8' [ 55.543584][ T5381] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x275db541, utbl_chksum : 0xe619d30d) [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file2", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file2", "exfat", MS_BORN, "iocharset=cp864,allow_utime=00000000000000000000004,utf8,uid=0x000000000000ee01") = 0 [pid 5384] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file2") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5384] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 5384] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f80498107ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] write(4, "\x00\x00", 2) = 2 [pid 5384] futex(0x7f80498107ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f80498107a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8041315000 [pid 5383] mprotect(0x7f8041316000, 131072, PROT_READ|PROT_WRITE [pid 5384] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5383] <... mprotect resumed>) = 0 [pid 5383] clone(child_stack=0x7f80413352f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5385], tls=0x7f8041335700, child_tidptr=0x7f80413359d0) = 5385 ./strace-static-x86_64: Process 5385 attached [pid 5384] <... mmap resumed>) = 0x20000000 [pid 5383] futex(0x7f80498107b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f80498107bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] set_robust_list(0x7f80413359e0, 24) = 0 [pid 5385] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000080} --- [pid 5385] openat(AT_FDCWD, "", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5385] futex(0x7f80498107bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) =